Centrinity FirstClass HTTP Server TargetName Parameter Cross-Site Scripting Vulnerability
BID:9950
Info
| Bugtraq ID: | 9950 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2004 12:00AM |
| Updated: | Mar 22 2004 12:00AM |
| Credit: | Discovery is credited to Richard Maudsley <[email protected]>. |
| Vulnerable: | Centrinity FirstClass 7.1; Centrinity FirstClass 7.0; Centrinity FirstClass 5.77 0; Centrinity FirstClass 5.50 |
| Not Vulnerable: | |
Discussion
It has been reported that FirstClass HTTP Server may be prone to a cross-site scripting vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in a user's browser. The issue arises from insufficient sanitization of user-supplied data passed via the 'TargetName' parameter of the 'Upload.shtml' script.
Since this vulnerability affects the web server, there is a possibility of an attacker crossing domains if multiple domains are hosted on one web server. The vendor has reported that this vulnerability only affects the 'standard' template set. The 'webmail' and 'mobile' template sets do not contain the 'Upload.shtml' script.
Centrinity FirstClass versions 7.1 and prior may be vulnerable to this issue.
Exploit / POC
No exploit is required.
The following proof of concept has been provided:
http://www.example.com/.Templates/Commands/Upload.shtml?TargetName=<script>alert('XSS')</script>
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
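With no vendor patch listed, one check a defender can run is a scan of web access logs for 'Upload.shtml' requests whose 'TargetName' value decodes to markup, alongside the HTML encoding a template should apply before echoing that value. The following Python is an added example, not part of the original advisory or of any vendor code; the Common Log Format layout, the function names and the sample log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path and parameter named in the advisory, compared case-insensitively.
UPLOAD_PATH = "/.templates/commands/upload.shtml"
PARAM = "targetname"
# Characters that let a reflected value leave text or attribute context.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a Common Log Format entry (the log layout is an assumption).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_target_names(log_lines):
    """Return (line_number, decoded_value) for Upload.shtml requests whose
    TargetName decodes to a value containing HTML metacharacters."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if unquote(url.path).lower() != UPLOAD_PATH:
            continue
        # parse_qs percent-decodes each value once.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name.lower() != PARAM:
                continue
            hits.extend((number, v) for v in values if MARKUP.search(v))
    return hits


def encode_for_html(value):
    """Escape HTML metacharacters, as a template should before echoing a value."""
    return html.escape(value, quote=True)


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Mar/2004:10:00:01 +0000] "GET /.Templates/Commands/Upload.shtml?TargetName=report.doc HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/Mar/2004:10:00:05 +0000] "GET /.Templates/Commands/Upload.shtml?TargetName=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [22/Mar/2004:10:00:09 +0000] "GET /Login?TargetName=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in suspicious_target_names(SAMPLE_LOG):
        print(f"line {number}: {value!r} -> {encode_for_html(value)}")
```

Only the second sample line is flagged: the first carries a plain file name and the third targets a different path.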
References
References:
- FirstClass Product Page (Centrinity)