[<prev] [next>] [day] [month] [year] [list]
Message-ID: <6886de5a0908240246x3d2a5ffao6a36f05acf2e3752@mail.gmail.com>
Date: Mon, 24 Aug 2009 11:46:59 +0200
From: Francesco Bianchino <f.bianchino@...il.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
vuln@...unia.com
Subject: Radvision's Scopia Cross Site Scripting
Vulnerabilities
Radvision's Scopia Cross Site Scripting Vulnerabilities
***********************************************************************
Author: Francesco Bianchino
contact: f.bianchino at gmail dot com
Product: Radvision's Scopia
Version: 5.7
Vendor Site: http://www.radvision.com
Product Support Page: http://www.radvision.com/Support/SCOPIA-57-Support/
***********************************************************************
Summary
Radvision's Scopia provides a solution for voice and video
collaborative communications.
***********************************************************************
Vulnerability Detail
The web-based interface is exposed to an XSS attack, the index.jsp
page does not check the user's input and is possible to inject
arbitrary code into the page parameters.
It's possible to steal user's cookie or other data sending a malicious
crafted URL to authenticated user.
***********************************************************************
PoC
http://www.example.com/scopia/entry/index.jsp?page=play%3c%2fsCrIpT%3e%3csCrIpT%3ealert("document.cookie")%3c%2fsCrIpT%3e
***********************************************************************
Solution
Radvision has fixed the issue in SD 7.0.100 and later version.
***********************************************************************
Credits
Discovered and advised to Radvision, August 2009 by Francesco Bianchino.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists