
OpenCms (7.5.0) - Cross-Site Scripting, Phishing Through Frames, Application Error






Application: OpenCms
Version: 7.5.0
Hardware: Tomcat/Oracle
Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Overview:

Various URLs within the deployed OpenCms application version 7.5.0 are
open to attacks, including Cross-Site Scripting, Phishing Through Frames
and Application Error.  Some of these attacks allow injection of scripts
into a parameter in the request.  The application should filter out such
hazardous characters from user input.

Example follows:
Vulnerable URL (from the OpenCms VFS):
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?&homelink=>"'>

Results:
Inserting the script into the homelink parameter successfully embeds
the script in the response, and the script is executed once the page is
loaded into the user's browser (i.e. vulnerable to Cross-Site Scripting).

The complete list of vulnerable URLs follows (all paths are relative
to the OpenCms VFS).  All issues are of High risk.

/opencms/opencms/system/modules/org.opencms.workplace.help/elements/search.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): query
Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): homelink
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/commons/preferences.jsp
Remediation: Verify that parameter values are in their expected ranges
and types. Do not output debugging error messages and exceptions
Parameter(s): tabdicopyfilemode, tabdicopyfoldermode, tabdideletefilemode
Vulnerability(s): Application Error

/opencms/opencms/system/workplace/commons/property.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): resource
Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/commons/publishproject.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): title, cancel, dialogtype, framename, progresskey,
projected, projectname, publishsiblings, relatedresources, subresources
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames, SQL Injection

/opencms/opencms/system/workplace/commons/publishresource.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s):
Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/commons/unlock.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): title
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/editors/editor.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): resource
Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/editors/dialogs/elements.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): elementlanguage, resource, title
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/locales/en/help/index.html
Remediation: Filter out hazardous characters from user input
Parameter(s): workplaceresource
Vulnerability(s): Phishing Through Frames

/opencms/opencms/system/workplace/views/admin/admin-main.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): path
Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/views/explorer/contextmenu.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): acttarget
Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/views/explorer/explorer_files.jsp
Remediation: Filter out hazardous characters from user input
Parameter(s): mode
Vulnerability(s): Cross-Site Scripting

Katie French
CGI Federal
12601 Fair Lakes Circle
Fairfax, VA 22033
FFX: (703) 227-5642
RRB: (202) 564-0475
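
The remediation lines above ask for hazardous characters to be filtered and for parameter values to be checked against their expected ranges and types. The following is an added example, not code from the advisory or from OpenCms, showing those checks in Java for the three classes of finding listed. The class name, method names, the "/" fallback and the 0..3 range are assumptions for illustration, as is treating the preferences.jsp options as numeric.

```java
// Added illustration, not OpenCms code; class and method names are hypothetical.
public final class RequestParamGuard {

    // Encode a reflected value (e.g. homelink, title) for HTML text and quoted
    // attribute contexts so it cannot close the attribute or open a new tag.
    static String encodeHtml(String value) {
        if (value == null) return "";
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Link and frame targets: accept only a site-relative path, so a request
    // parameter cannot point a frame at another origin.
    static String safeLocalTarget(String value, String fallback) {
        boolean ok = value != null
                && value.matches("/[A-Za-z0-9_./-]*")
                && !value.startsWith("//");
        return ok ? value : fallback;
    }

    // Numeric options: parse strictly and fall back silently instead of
    // letting a NumberFormatException reach the response.
    static int boundedInt(String value, int min, int max, int fallback) {
        if (value == null) return fallback;
        try {
            int n = Integer.parseInt(value.trim());
            return (n >= min && n <= max) ? n : fallback;
        } catch (NumberFormatException e) {
            return fallback;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from a real request.
        System.out.println(encodeHtml("\">'<b>constructed</b>"));
        System.out.println(safeLocalTarget("//other.example/login", "/"));
        System.out.println(boundedInt("1; constructed", 0, 3, 0));
    }
}
```

The encoder covers HTML body and quoted-attribute output only; a value written into a script block or a URL needs the encoding for that context instead.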

