lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Jun 2008 14:53:16 +0200 (CEST)
From: "S21sec labs" <s21seclabs@...sec.com>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)

##############################################################

                     - S21Sec Advisory -

##############################################################

      Title:  OpenDocMan Cross Site Scripting (XSS)
         ID:  S21sec-044-en
   Severity:  Low
    History:  15.Apr.2008 Vulnerability discovered
                    16.Apr.2008 Vendor contacted
                    27.May.2008 Patch available
      Scope:  Cross Site Scripting XSS
  Platforms:  Any
     Author:  Sergi Roselló (srosello@...sec.com)
        URL:  http://www.s21sec.com/avisos/s21sec-044-en.txt
    Release:  Public


[ SUMMARY ]

OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.


[ AFFECTED VERSIONS ]

This vulnerability has been tested in version v1.2.5 (March, 2nd 2007).


[ DESCRIPTION ]

An insufficient input validation allows code injection in the
parameter 'last_message'. Example:
http://server/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(document.cookie)%3C/script%3E


[ WORKAROUND ]

There is  patch available in the following url:
https://sourceforge.net/tracker/index.php?func=detail&aid=1975163&group_id=69505&atid=524753


[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

    - Sergi Roselló <srosello@...sec.com> S21sec


[ REFERENCES ]

* OpenDocman
  http://opendocman.com/

* S21sec
   http://www.s21sec.com

* S21sec Blog
   http://blog.s21sec.com

Powered by blists - more mailing lists