[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
From: Manuel Mancera <mmancera () a2secure ! com>
Date: 2015-11-23 10:40:05
Message-ID: 5652ED05.7090301 () a2secure ! com
[Download RAW message or body]
================================================================
Celoxis <= 9.5 - Cross Site Scripting (XSS)
================================================================
Information
--------------------
Name: Celoxis <= 9.5 - Cross Site Scripting (XSS)
Affected Software : Celoxis
Affected Versions: <= 9.5
Vendor Homepage : http://www.celoxis.com
Vulnerability Type : Cross Site Scripting
Severity : Low
CVE: n/a
Product
--------------------
Celoxis is a web-based project management software.
Description
--------------------
Exist a vulnerability in the calendar.wm that allow an attacker execute
arbitrary javascript in the browser context of a victim. Also, the
attacker could steal the cookie because it is not being protected by
HTTPOnly flag and is possible avoid the filters with the eval function.
Proof of Concept URL
--------------------
https://celoxisSite/psa/cal.Calendar.wm?p_ca_date=<script>alert("XSS")</script>
Advisory Timeline
--------------------
08/10/2015 - Informed Vendor about Issue
08/10/2015 - Vendor responded
12/11/2015 - Reminded Vendor
14/11/2015 - Vendor responded saying 'they changed the framework itself
to handle XSS'.
23/11/2015 - Fix released (vendor informed us)
23/11/2015 - Vulnerability published
Credits & Authors
--------------------
Manuel Mancera (@sinkmanu)
www.a2secure.com
Disclaimer
-------------------
All information is provided without warranty. The intent is to provide
information to secure infrastructure and/or systems, not to be able to
attack or damage. Therefore A2Secure shall not be liable for any direct
or indirect damages that might be caused by using this information.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic