lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <d6d8dcb7-082c-7196-70c4-1b0c307b98e6@ras-it.rs> Date: Mon, 6 Aug 2018 12:15:12 +0200 From: Nikola Kojic <nikola.kojic@...-it.rs> To: fulldisclosure@...lists.org Subject: [FD] CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting # Exploit Title: LAMS < 3.1 - Unauthenticated Reflected XSS # Date: 2018-08-06 # Exploit Author: Nikola Kojic # Website: https://ras-it.rs/ # Vendor Homepage: https://www.lamsfoundation.org/ # Software Link: https://www.lamsfoundation.org/downloads_home.htm # Category: Web Application # Platform: Java # Version: < 3.1 # CVE : 2018-12090 1. Vendor Description: LAMS is a revolutionary new tool for designing, managing and delivering online collaborative learning activities. It provides teachers with a highly intuitive visual authoring environment for creating sequences of learning activities. 2. Technical Details and Exploitation: There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change. 3. Proof of Concept: http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E 4. Solution: The vendor has fixed the issues and released the patches. https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=6825a5272d3a48f8cafa370b0e0107cc9077cff6 5. Timeline: 2018-06-07: Discovered 2018-06-08: Vendor notified 2018-06-08: Vendor replies 2018-06-11: CVE number requested 2018-06-11: CVE number assigned 2018-06-15: Patch released 2018-08-05: Public disclosure _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists