Simple Groupware 'export' Parameter Cross Site Scripting Vulnerability
BID:51882
Info
| Bugtraq ID: | 51882 |
| Class: | Input Validation Error |
| CVE: | CVE-2012-1028 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 07 2012 12:00AM |
| Updated: | Feb 09 2012 12:00PM |
| Credit: | INFOSERVE security team |
| Vulnerable: | Simple Groupware Simple Groupware 0.742 |
| Not Vulnerable: | Simple Groupware Simple Groupware 0.743 |
Discussion
Simple Groupware is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Simple Groupware 0.742 is vulnerable; other versions may also be affected.
Exploit / POC
To exploit the issue, an attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URI is available:
Solution / Fix
Solution:
Updates are available. Please see the references for details.
References
References: