Offiria version 2.1.0 suffers from a cross site scripting vulnerability.
Product: Offiria
Vendor: Slashes & Dots Sdn Bhd.
Vulnerable Version(s): 2.1.0 and probably prior
Tested Version: 2.1.0
Advisory Publication: April 2, 2014 [without technical details]
Vendor Notification: April 2, 2014
Public Disclosure: May 7, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2689
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered vulnerability in Offiria, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.
1) Reflected Cross-Site Scripting (XSS) in Offiria: CVE-2014-2689
The vulnerability exists due to insufficient sanitisation of user-supplied data in URI after "/installer/index.php" script that is not removed from the system by default. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
The following exploitation example displays "immuniweb" word:
http://[host]/installer/index.php/%22onmouseover%3d%22alert%28%27immuniweb%27%29;%22%3d%22%3E
-----------------------------------------------------------------------------------------------
Solution:
Currently we are not aware of any official solution for this vulnerability. The vendor did not respond to:
- 6 notifications by email
- 1 notification via twitter
- 1 notification via GitHub
As a temporary solution it is recommended to remove the vulnerable script or restrict access to it via .htaccess file or WAF.
# 0day.today [2018-04-13] #