BugTraq
[S21SEC-047] Fotoware Fotoweb 8.0 Cross Site Scripting Jul 29 2016 10:41AM
S21sec Vulnerability Research (vulns s21sec com)
##############################################################

- S21Sec Advisory -
- S21SEC-047-en.txt -

##############################################################

Title: Fotoware Fotoweb 8.0 Cross Site Scripting (XSS)
ID: S21sec-047-en
Severity: Low
History: May.2016 Vulnerability discovered
June.2016 Vendor contacted
July.2016 Vendor patch acknowledge.
Scope: Cross Site Scripting XSS
Platforms: Any
Author: Miguel A. Hernandez / Departamento Auditoria S21sec.

Release: Public

[ SUMMARY ]

Fotoweb is an enterprise grade Digital Asset Management System (DMS).
A DMS provides a central repository of pictures and media files.

Unfiltered user-supplied data can lead a reflected XSS vulnerability.
This allows an attacker to execute arbitrary JavaScript in the context of the
browser of a victim if the victim clicks on an attacker supplied link or visits
an attacker controlled website.

[ AFFECTED VERSIONS ]

This vulnerability has been tested and found working on version 8.0.715.5753

[ DESCRIPTION ]

An insufficient input validation allows JS code injection in the
parameter 'to' in login page. Example:

http://fotowebserver/fotoweb/views/login?to=/fotoweb/%22;}%20else%20{%20
alert%28%22S21sec%20XSS%22%29;%20}%20if%20%28inIframe%28%29%29%20{%20var
%20relleno=%22

[ WORKAROUND ]

The reported vulnerability has been reviewed by Fotoware development team.
This issue is addressed in FotoWeb 8 Feature Release 8.

[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

- Miguel A. Hernandez [ Departamento de Auditoria S21sec ]

We would like to acknowledge the assistance of Fotoware:

- John Fredrik Engeland [ Fotoware Support Manager ]

[ REFERENCES ]

* Fotoware
http://fotoware.com

* S21sec
http://www.s21sec.com

* S21sec Blog
http://blog.s21sec.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus