AOH :: HP Unsorted R :: BT-21545.HTM

Radvision's Scopia Cross Site Scripting Vulnerabilities



Radvision's Scopia Cross Site Scripting Vulnerabilities
Radvision's Scopia Cross Site Scripting Vulnerabilities



Radvision's Scopia Cross Site Scripting Vulnerabilities



***********************************************************************



Author: Francesco Bianchino

contact: f.bianchino at gmail dot com



Product: Radvision's Scopia

Version: 5.7

Vendor Site: http://www.radvision.com 

Product Support Page: http://www.radvision.com/Support/SCOPIA-57-Support/ 



***********************************************************************



Summary



Radvision's Scopia provides a solution for voice and video
collaborative communications.



***********************************************************************



Vulnerability Detail



The web-based interface is exposed to an XSS attack, the index.jsp
page does not check the user's input and is possible to inject
arbitrary code into the page parameters.

It's possible to steal user's cookie or other data sending a malicious
crafted URL to authenticated user.



***********************************************************************



PoC



http://www.example.com/scopia/entry/index.jsp?page=play%3c%2fsCrIpT%3e%3csCrIpT%3ealert("document.cookie")%3c%2fsCrIpT%3e 



***********************************************************************



Solution



Radvision has fixed the issue in SD 7.0.100 and later version.



***********************************************************************



Credits



Discovered and advised to Radvision, August 2009 by Francesco Bianchino.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.