Back to list
secuvera-SA-2017-03: Reflected Cross-Site-Scripting Vulnerabilities in OCS Inventory NG ocsreports Web application
Apr 09 2018 02:57PM
Simon Bieber (sbieber secuvera de)
(older releases have not been tested)
https://www.secuvera.de/advisories/secuvera-SA-2017-03.txt (used for updates)
eleased/ (Release announcement of OCS Inventory 2.4.1)
Open Computer and Software Inventory Next Generation (OCS inventory NG) is free software that enables users to inventory IT assets. (Source: Wikipedia)
OCS Reports for OCS Inventory is a web application to manage the OCS Inventory Server and Clients.
The web application is prone to reflected Cross-Site-Scripting (XSS) attacks.
1) anonymous: USERID and Password field of login page are vulnerable
3) logged in user: index.php: parameter "prov" will get included within a hidden page form field
1) Enter the following payload into login form: " onload="alert(42);
Install OCS Inventory Release 2.4.1 or newer.
2017/12/15 vendor contacted, asked for security contact information
2018/01/02 contacted vendor again after no answer was received so far
2018/01/02 response of responsible contact
2018/01/22 Sent technical details
2018/02/12 Developer replied proposing fix
2018/03/28 Developer contacted us to announce the upcoming release
2018/04/05 OCS Version 2.4.1 was released
2018/08/09 Release of the security advisory
Simon Bieber, secuvera GmbH
sbieber (at) secuvera (dot) de [email concealed]
Michael Hermann, secuvera GmbH
for his support!
Gilles Dubois and Damien Belliard, factorfx
for fixing this issue!
All information is provided without warranty. The intent is to provide informa-
tion to secure infrastructure and/or systems, not to be able to attack or damage.
Therefore secuvera shall not be liable for any direct or indirect damages that
might be caused by using this information.
[ reply ]
Copyright 2010, SecurityFocus