[<prev] [next>] [day] [month] [year] [list]
Message-ID: <5652ED05.7090301@a2secure.com>
Date: Mon, 23 Nov 2015 11:40:05 +0100
From: Manuel Mancera <mmancera@...ecure.com>
To: fulldisclosure@...lists.org
Subject: [FD] Celoxis <= 9.5 - Cross Site Scripting (XSS)
================================================================
Celoxis <= 9.5 - Cross Site Scripting (XSS)
================================================================
Information
--------------------
Name: Celoxis <= 9.5 - Cross Site Scripting (XSS)
Affected Software : Celoxis
Affected Versions: <= 9.5
Vendor Homepage : http://www.celoxis.com
Vulnerability Type : Cross Site Scripting
Severity : Low
CVE: n/a
Product
--------------------
Celoxis is a web-based project management software.
Description
--------------------
Exist a vulnerability in the calendar.wm that allow an attacker execute
arbitrary javascript in the browser context of a victim. Also, the
attacker could steal the cookie because it is not being protected by
HTTPOnly flag and is possible avoid the filters with the eval function.
Proof of Concept URL
--------------------
https://celoxisSite/psa/cal.Calendar.wm?p_ca_date=<script>alert("XSS")</script>
Advisory Timeline
--------------------
08/10/2015 - Informed Vendor about Issue
08/10/2015 - Vendor responded
12/11/2015 - Reminded Vendor
14/11/2015 - Vendor responded saying 'they changed the framework itself
to handle XSS'.
23/11/2015 - Fix released (vendor informed us)
23/11/2015 - Vulnerability published
Credits & Authors
--------------------
Manuel Mancera (@sinkmanu)
www.a2secure.com
Disclaimer
-------------------
All information is provided without warranty. The intent is to provide
information to secure infrastructure and/or systems, not to be able to
attack or damage. Therefore A2Secure shall not be liable for any direct
or indirect damages that might be caused by using this information.
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists