Feng Office version 2.3.2-rc suffers from a cross site scripting vulnerability.
Advisory ID: HTB23174
Product: Feng Office
Vendor: Secure Data SRL
Vulnerable Version(s): 2.3.2-rc and probably prior
Tested Version: 2.3.2-rc
Advisory Publication: September 18, 2013 [without technical details]
Vendor Notification: September 18, 2013
Public Disclosure: October 9, 2013
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2013-5744
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in Feng Office, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.
1) Cross-Site Scripting (XSS) in Feng Office: CVE-2013-5744
1.1 The vulnerability exists due to insufficient sanitisation of user-supplied data in "ref_[any]" HTTP GET parameter passed to "/index.php" script. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses JavaScript "alert()" function to display user's cookies:
http://[host]/index.php?c=access&a=login&ref_abc=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
-----------------------------------------------------------------------------------------------
Solution:
Vendor did not reply to 3 notifications by email, 1 notification by twitter, 1 notification by contact form on website, 1 forum thread, 1 support ticket. Currently we are not aware of any official solution for this vulnerability.
Unofficial patch was developed by High-Tech Bridge Security Research Lab and is available here: https://www.htbridge.com/advisory/HTB23174-patch.zip
# 0day.today [2018-02-18] #