AOH :: HP Unsorted O :: BX3531.HTM

OpenDocMan Cross Site Scripting (XSS)



S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)
S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)



##############################################################

                     - S21Sec Advisory -

##############################################################

      Title:  OpenDocMan Cross Site Scripting (XSS)
         ID:  S21sec-044-en
   Severity:  Low
    History:  15.Apr.2008 Vulnerability discovered
                    16.Apr.2008 Vendor contacted
                    27.May.2008 Patch available
      Scope:  Cross Site Scripting XSS
  Platforms:  Any
Author: Sergi Rosell=F3 (srosello@s21sec.com) 
URL: http://www.s21sec.com/avisos/s21sec-044-en.txt 
    Release:  Public


[ SUMMARY ]

OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.


[ AFFECTED VERSIONS ]

This vulnerability has been tested in version v1.2.5 (March, 2nd 2007).


[ DESCRIPTION ]

An insufficient input validation allows code injection in the
parameter 'last_message'. Example:
http://server/opendocman-1.2.5/out.php?last_message=%3Cscript%3Ealert(document.cookie)%3C/script%3E 


[ WORKAROUND ]

There is  patch available in the following url:
https://sourceforge.net/tracker/index.php?func=detail&aid=1975163&group_id=69505&atid=524753


[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

- Sergi Rosell=F3  S21sec 


[ REFERENCES ]

* OpenDocman
http://opendocman.com/ 

* S21sec
http://www.s21sec.com 

* S21sec Blog
http://blog.s21sec.com 


The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.