S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS) Jun 17 2008 12:53PM
S21sec labs (s21seclabs s21sec com)
##############################################################

- S21Sec Advisory -

##############################################################

Title: OpenDocMan Cross Site Scripting (XSS)
ID: S21sec-044-en
Severity: Low
History: 15.Apr.2008 Vulnerability discovered
16.Apr.2008 Vendor contacted
27.May.2008 Patch available
Scope: Cross Site Scripting XSS
Platforms: Any
Author: Sergi Roselló (srosello (at) s21sec (dot) com [email concealed])
URL: http://www.s21sec.com/avisos/s21sec-044-en.txt
Release: Public

[ SUMMARY ]

OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.

[ AFFECTED VERSIONS ]

This vulnerability has been tested in version v1.2.5 (March, 2nd 2007).

[ DESCRIPTION ]

An insufficient input validation allows code injection in the
parameter 'last_message'. Example:
http://server/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(do
cument.cookie)%3C/script%3E

[ WORKAROUND ]

There is patch available in the following url:
https://sourceforge.net/tracker/index.php?func=detail&aid=1975163&group_
id=69505&atid=524753

[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

- Sergi Roselló <srosello (at) s21sec (dot) com [email concealed]> S21sec

[ REFERENCES ]

* OpenDocman
http://opendocman.com/

* S21sec
http://www.s21sec.com

* S21sec Blog
http://blog.s21sec.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus