Full Disclosure mailing list archives
Celoxis <= 9.5 - Cross Site Scripting (XSS)
From: Manuel Mancera <mmancera () a2secure com>
Date: Mon, 23 Nov 2015 11:40:05 +0100
================================================================ Celoxis <= 9.5 - Cross Site Scripting (XSS) ================================================================ Information -------------------- Name: Celoxis <= 9.5 - Cross Site Scripting (XSS) Affected Software : Celoxis Affected Versions: <= 9.5 Vendor Homepage : http://www.celoxis.com Vulnerability Type : Cross Site Scripting Severity : Low CVE: n/a Product -------------------- Celoxis is a web-based project management software. Description --------------------Exist a vulnerability in the calendar.wm that allow an attacker execute arbitrary javascript in the browser context of a victim. Also, the attacker could steal the cookie because it is not being protected by HTTPOnly flag and is possible avoid the filters with the eval function.
Proof of Concept URL -------------------- https://celoxisSite/psa/cal.Calendar.wm?p_ca_date=<script>alert("XSS")</script> Advisory Timeline -------------------- 08/10/2015 - Informed Vendor about Issue 08/10/2015 - Vendor responded 12/11/2015 - Reminded Vendor14/11/2015 - Vendor responded saying 'they changed the framework itself to handle XSS'.
23/11/2015 - Fix released (vendor informed us) 23/11/2015 - Vulnerability published Credits & Authors -------------------- Manuel Mancera (@sinkmanu) www.a2secure.com Disclaimer ------------------- All information is provided without warranty. The intent is to provide information to secure infrastructure and/or systems, not to be able to attack or damage. Therefore A2Secure shall not be liable for any direct or indirect damages that might be caused by using this information. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Celoxis <= 9.5 - Cross Site Scripting (XSS) Manuel Mancera (Nov 24)