
SANS ISC: XSS vulnerability in opencms v9.0.1 workplace - Internet Security | DShield SANS ISC InfoSec Forums


XSS vulnerability in opencms v9.0.1 workplace
One of our client's pen testing companies raised a high priority issue stating that Alkacon OpenCms 9.0.1 workspace is XSS prone and allows remote attackers to inject arbitrary web script or HTML. Below are some of the URL examples and parameters that are found to be vulnerable, but there seem to be many others.

Affected URLs:

/system/workplace/admin/linkvalidation/external/validateexternallinks.jsp
Parameters Affected: reporttype, style, threadhasnext

/system/workplace/views/admin/admin-main.jsp
Parameters Affected: style, reporttype, threadhasnext, reportcontinuekey, title

/system/workplace/views/explorer/contextmenu.jsp
Parameters Affected: acttarget

Recommended solution from one of the pen testing companies is:
perform HTML and/or JavaScript escaping before displaying any content

Has anyone encountered a similar issue, and are there any suggestions on fixing this without going too much into the OpenCms code, please? We already raised a call with OpenCms https://github.com/alkacon/opencms-core/issues/261 but haven't heard anything back yet!

Thanking you in advance for any advice,
Murali

Note to admin: I tried raising a thread earlier and I think the session timed out before I submitted. Please delete if there is a duplicate entry created in the backend still.
Murali
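
A request-side stopgap for the question above, as an added example that is not part of the original post and is not OpenCms code: a servlet filter that HTML-escapes the parameters named in the findings before the workplace JSPs see them. The class name, the Servlet 3.0+ API level and the web.xml mapping to the workplace path are assumptions.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example (hypothetical class). Map it in web.xml to the workplace path of your deployment.
public class WorkplaceParamEscapeFilter implements Filter {
    // Parameter names from the pen test findings quoted in the post.
    private static final Set<String> REPORTED = new HashSet<>(Arrays.asList(
        "reporttype", "style", "threadhasnext", "reportcontinuekey", "title", "acttarget"));

    // Encode the five characters significant in HTML text and quoted attributes ('&' first).
    static String escape(String v) {
        return v.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }

    // Escape every value of a reported parameter; pass all other parameters through untouched.
    static String[] clean(String name, String[] values) {
        if (name == null || values == null
                || !REPORTED.contains(name.toLowerCase(Locale.ROOT))) return values;
        String[] out = new String[values.length];
        for (int i = 0; i < values.length; i++)
            out[i] = values[i] == null ? null : escape(values[i]);
        return out;
    }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Override all three accessors so the escaped values are seen however the JSP reads them.
        chain.doFilter(new HttpServletRequestWrapper((HttpServletRequest) req) {
            @Override public String[] getParameterValues(String n) {
                return clean(n, super.getParameterValues(n));
            }
            @Override public String getParameter(String n) {
                String[] v = getParameterValues(n);
                return v == null || v.length == 0 ? null : v[0];
            }
            @Override public Map<String, String[]> getParameterMap() {
                Map<String, String[]> m = new HashMap<>();
                for (Map.Entry<String, String[]> e : super.getParameterMap().entrySet())
                    m.put(e.getKey(), clean(e.getKey(), e.getValue()));
                return Collections.unmodifiableMap(m);
            }
        }, res);
    }
}
```

HTML escaping on input does not neutralise values that a page places into JavaScript or URL contexts, and it double-encodes once the pages themselves encode output, so treat this as temporary until output encoding is fixed in the JSPs or upstream.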

If you are at SANS FIRE and didn't get one, ask me or another pen test instructor for one, and we'll gladly hand one to you. Also, tonight at the SANS NetWars event at SANSFIRE, we'll have some posters for you.


__________
Sami
Anonymous
