Summary: Reflected XSS vulnerability in
Description: There exists a reflected XSS vulnerability in
https://www.lahitapiola.fi/cs/Satellite?pagename=TAMaster/FW_BlogAsset/FW_Nav. The value of the query string parameter
rendermode is not properly escaped when it is output to the page. The web application firewall (WAF) seems to mitigate the majority of the simplest XSS vectors, but it is possible to bypass the WAF by using the
onToggle event in
location.href="https://www.google.com/?q="+document.domain. This demonstrates an open-redirect type of vulnerability in which the user's browser is redirected to the attacker's page, where the attacker can, e.g., perform phishing.
Access the attack URL
Browser is redirected to
This vulnerability is related to the previously reported Oracle WebCenter Sites vulnerabilities (e.g. #170532).
An attacker can use reflected XSS vulnerabilities to inject content into pages served from
www.lahitapiola.fi. This can be used, e.g., for phishing purposes or to steal cookies from the user's browser.
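The following is an added example, not part of the original report and not the application's or the WAF's code. It shows why pattern-based filtering lets a less common event handler such as ontoggle through, while allowlisting and output encoding of rendermode at the sink do not. The denylist rules, the allowed mode values, the function names and the sample inputs are constructed assumptions; HANDLER is an inert placeholder.

```javascript
// Added example. ALLOWED_MODES, DENYLIST and SAMPLES are constructed assumptions.
const ALLOWED_MODES = new Set(["live", "preview"]);

// Toy denylist in the style of a signature filter: it knows the common
// vectors only, so any event handler it does not list passes through.
const DENYLIST = [/<\s*script/i, /javascript:/i, /\bon(error|load|click|mouseover)\s*=/i];

const HTML_ENTITIES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;",
  '"': "&quot;", "'": "&#x27;", "`": "&#x60;", "=": "&#x3D;",
};

// Weak control: pattern matching on the request value.
function passesDenylist(value) {
  return !DENYLIST.some((re) => re.test(value));
}

// Strong control 1: encode at the point of output (HTML text and
// quoted-attribute contexts), so no markup characters survive.
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`=]/g, (ch) => HTML_ENTITIES[ch]);
}

// Strong control 2: rendermode is treated as an enumerated setting, so
// anything outside the allowlist is replaced by a fixed default.
function normalizeRendermode(value) {
  return ALLOWED_MODES.has(value) ? value : "live";
}

// The unescaped sink the report describes, next to the hardened one.
function renderUnsafe(value) {
  return `<div data-rendermode="${value}"></div>`;
}
function renderSafe(value) {
  return `<div data-rendermode="${escapeHtml(normalizeRendermode(value))}"></div>`;
}

// Constructed inputs: a valid mode, a common vector, an uncommon handler.
const SAMPLES = ["preview", '"><script>HANDLER</script>', '"><details open ontoggle=HANDLER>'];

// One row per sample: [passes denylist?, unsafe output, safe output].
function report() {
  return SAMPLES.map((s) => [passesDenylist(s), renderUnsafe(s), renderSafe(s)]);
}

console.log(report());
```

The third sample passes the denylist and breaks out of the attribute in the unsafe renderer, but the hardened renderer emits the default mode regardless of what the filter missed.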