XSS in OpenConext-EngineBlock 5.7.0 to 5.7.3


fulldisclosure logo
Full Disclosure
mailing list archives

XSS in OpenConext-EngineBlock 5.7.0 to 5.7.3


From: Andrew Klaus
Date: Thu, 12 Jul 2018 13:14:24 -0600


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

XSS vulnerabilities were found in multiple pages that allows an attacker to
inject arbitrary web scripts.

The Twig PHP extension configuration was not sanitizing user input before
display it to the user.

Issues fixed in version 5.7.4 and 5.8.0. Git commit here:
https://github.com/OpenConext/OpenConext-engineblock/pull/566

PoC URLs:
https://engine.example.org/authentication/idp/help-discover?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E
https://engine.example.org/authentication/idp/single-sign-on?%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E

CVE assigned: CVE-2018-1000611

Timeline:
- - - 2018-06-29: Notified SURFnet about the vulnerability
- - - 2018-07-04: Patch pull request created on Github
- - - 2018-07-04: CVE Requested
- - - 2018-07-05: Patch was merged on Github
- - - 2018-07-12: Announcing on Full Disclosure
-----BEGIN PGP SIGNATURE-----

iQE9BAEBCgAnIBxBbmRyZXcgS2xhdXMgPGFuZHJld0Bha2xhdXMuY2E+BQJbR6ae
AAoJEFYqtOvsX+ttmS0H/AorN3q5I3GmVUcjEYhwym1E/VJVFD1vfPQQf/XGtXdu
O9qPjfVFmuCG1jXItLJmtUEDVU/HI8bLubyvhFzrvGB4tyJ8Y5mMR2GTBvQ3+o4W
ckgw7wcMGWiVNEjvddgGlALg0W8eC23NoZoi92J5Cg8Ni3+ARvt6j/7sRp4Jn+Kp
x2h8GeoPSp920QMoTYrehh16W/bRNRz/a9Y63UfNLSqv4DmZsMoa9NzA91T0GexP
MHpObqbf6arQ5UzFKKF/UUsrQ8aiAL7tKsrhHs+byZZoiuHw/18eLeY82UKN8ocD
ysrciARYDc53T0slM9wJZ6zy8XHghKjIUV9QmFstNUk=
=rdVB
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/




  By Date  
     
  By Thread  

Current thread:

  • XSS in OpenConext-EngineBlock 5.7.0 to 5.7.3 Andrew Klaus (Jul 13)


Read Original
Author: