Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDaniel MarquesPACKETSTORM:125839
HistoryMar 24, 2014 - 12:00 a.m.

php-font-lib 0.3 Cross Site Scripting

2014-03-2400:00:00
Daniel Marques
packetstormsecurity.com
39

EPSS

0.003

Percentile

65.9%

JSON
`==========================================================  
php-font-lib - Subset maker (make_subset.php) Reflected Cross-site Scripting  
Revision 1.0  
==========================================================  
Author: Daniel C. Marques (@0xc0da)  
Release date: 2014-03-23  
Reference: http://codalabs.net/cla-2014-001  
  
Disclosure Timeline  
===============  
2014-03-19 - Developer notified.  
2014-03-19 - Developer patch.  
2014-03-20 - CVE-2014-2570 assigned.  
2014-03-23 - Public disclosure.  
  
Product Information  
===============  
Product: php-font-lib  
Description: A library to read, parse, export and make subsets of different types of font files.  
Developer: Fabien Ménager  
Website: https://github.com/PhenX/php-font-lib  
  
Overview  
=======  
The Subset maker of the affected php-font-lib versions is vulnerable to a Reflected Cross-site Scripting. This vulnerability might allow remote unauthenticated attackers to inject arbitrary Javascript or HTML via the ‘name’ parameter. This flaw exists because the contents of ‘name’ are not sanitized before it is inserted in the web page.  
  
Vulnerability Information  
==================  
Vulnerability: Reflected Cross-site Scripting  
CVE Identifier: CVE-2014-2570  
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)  
CWE Identifier: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')  
Affected releases: 0.3  
  
Vulnerability details  
==============  
The make_subset.php script in the ‘www’ directory does not sanitize the contents of the ‘name’ parameter before echoing it to the user. The vulnerable piece of code is shown below:  
  
<h1><?php echo $name ?></h1>  
  
This vulnerability can be used to inject Javascript code to be rendered by the browser. An attacker must trick the user to access a crafted URL (using social engineering, e.g.) for a successful attack.   
  
Proof-of-Concept  
=============  
http://www.example.com/php-font-lib/www/make_subset.php?fontfile=../fonts/Norasi.ttf&name=<script>alert('XSS')</script>  
  
Solution  
======  
The developer informed that version 0.3.1 fixes the issue.   
  
Credits  
======  
Vulnerability identified and reported by Daniel C. Marques (@0xc0da).   
  
  
References  
=========  
[1] https://github.com/PhenX/php-font-lib  
[2] https://github.com/PhenX/php-font-lib/releases/tag/0.3.1  
[3] https://cwe.mitre.org/data/definitions/79.html  
[4] http://codalabs.net/cla-2014-001  
`

Related

ubuntucve 1
debiancve 1
securityvulns 2
prion 1
nvd 1
seebug 1
cvelist 1
cve 1
ubuntucve
ubuntucve
CVE-2014-2570
2015-08-31 00:00:00
debiancve
debiancve
CVE-2014-2570
2015-08-31 18:59:05
securityvulns
securityvulns
CVE-2014-2570 - php-font-lib 0.3 www/make_subset.php Reflected Cross Site Scripting
2014-05-05 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-05-05 00:00:00
prion
prion
Cross site scripting
2015-08-31 18:59:00
nvd
nvd
CVE-2014-2570
2015-08-31 18:59:05
seebug
seebug
php-font-lib 'name'参数跨站脚本漏洞
2014-03-25 00:00:00
cvelist
cvelist
CVE-2014-2570
2015-08-31 18:00:00
cve
cve
CVE-2014-2570
2015-08-31 18:59:05

EPSS

0.003

Percentile

65.9%

JSON
Related for PACKETSTORM:125839
ubuntucve1debiancve1securityvulns2prion1nvd1seebug1cvelist1cve1