QaTraq phase_copy_content.php Multiple Variable XSS

2006-06-23T02:54:54
ID OSVDB:27610
Type osvdb
Reporter Nenad Jovanovic(enji@seclab.tuwien.ac.at)
Modified 2006-06-23T02:54:54

Description

Vulnerability Description

QaTraq contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'title', 'version', and 'content' variables before they are reflected by the phase_copy_content.php script. This could allow an attacker to craft a URL that, when followed by a user, executes arbitrary script code in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Technical Description

This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002), and the option was removed from PHP entirely in version 5.4. With register_globals on, every GET, POST and cookie parameter is imported into the script's variable scope, so a script that uses $title, $version or $content without first assigning them effectively reads them straight from the request.
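The following is an added illustration of the register_globals pattern described above, not QaTraq's own code; the function names, the form markup and the sample payloads are constructed for the example. It places a vulnerable rendering routine, whose parameters PHP would have populated from the URL when register_globals was on, beside a hardened one that reads the three parameters explicitly from the request array and encodes them on output.

```php
<?php
// Added example (hypothetical, not QaTraq's code). Shows the pattern behind the
// advisory: with register_globals=On a request such as
//   phase_copy_content.php?title=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
// populates $title before the script runs, and echoing it unescaped yields
// reflected XSS.

// --- Vulnerable pattern (hypothetical) -----------------------------------
// Under register_globals=On the caller never has to assign $title, $version
// or $content; PHP creates them from the request. They are then reflected
// into HTML attributes and element content with no encoding.
function render_copy_form_vulnerable(string $title, string $version, string $content): string
{
    return '<form method="post" action="phase_copy_content.php">'
         . '<input name="title" value="' . $title . '">'
         . '<input name="version" value="' . $version . '">'
         . '<textarea name="content">' . $content . '</textarea>'
         . '</form>';
}

// --- Hardened pattern -----------------------------------------------------
// 1. Read input explicitly from the request array (normally $_REQUEST/$_GET),
//    so the script does not depend on register_globals at all.
// 2. Encode on output with htmlspecialchars(); ENT_QUOTES covers both quote
//    styles so attribute values cannot be broken out of.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_copy_form_hardened(array $request): string
{
    $title   = (string)($request['title']   ?? '');
    $version = (string)($request['version'] ?? '');
    $content = (string)($request['content'] ?? '');
    return '<form method="post" action="phase_copy_content.php">'
         . '<input name="title" value="' . esc($title) . '">'
         . '<input name="version" value="' . esc($version) . '">'
         . '<textarea name="content">' . esc($content) . '</textarea>'
         . '</form>';
}

// Constructed sample request hitting all three injection points named in
// the advisory: an attribute break-out and a textarea break-out.
$payload = [
    'title'   => '"><script>alert(1)</script>',
    'version' => '1.0',
    'content' => '</textarea><img src=x onerror=alert(2)>',
];

// Simulate what register_globals did before the script body executed:
// import request keys as local variables ($title, $version, $content).
extract($payload, EXTR_SKIP);

echo render_copy_form_vulnerable($title, $version, $content), "\n";
// The payloads close the value="" attribute and the <textarea>, so the
// injected <script> and <img onerror> execute in the victim's browser.

echo render_copy_form_hardened($payload), "\n";
// Here the same input is emitted as &quot;&gt;&lt;script&gt;... and
// &lt;/textarea&gt;..., inert text inside the attribute and element.
```

The hardened version fixes both halves of the problem: it stops trusting variables that only exist because of register_globals, and it encodes at the point of output, which is what prevents the reflected markup from being interpreted. Disabling register_globals alone (register_globals = Off in php.ini) removes the request-to-variable path on this code, but output encoding is still needed for any script that reads the same parameters from $_GET or $_POST directly.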

Solution Description

Upgrade to version 6.7 RC or higher, which has been reported to fix this vulnerability. No vendor workaround is known. Note, however, that per the Technical Description the flaw is only reachable when register_globals is on, so installations running with register_globals off (the PHP default since 4.2.0) are not exposed to the issue as described here.

Short Description

QaTraq contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'title', 'version', and 'content' variables before they are reflected by the phase_copy_content.php script. This could allow an attacker to craft a URL that, when followed by a user, executes arbitrary script code in that user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Vendor URL: http://www.testmanagement.com/
Vendor URL: http://sourceforge.net/projects/qatraq/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=118486&release_id=435024
Security Tracker: 1016381
Related OSVDB ID: 27599
Related OSVDB ID: 27600
Related OSVDB ID: 27601
Related OSVDB ID: 27602
Related OSVDB ID: 27603
Related OSVDB ID: 27604
Related OSVDB ID: 27605
Related OSVDB ID: 27606
Related OSVDB ID: 27607
Related OSVDB ID: 27608
Related OSVDB ID: 27609
Related OSVDB ID: 27611
Related OSVDB ID: 27612
Related OSVDB ID: 27613
Related OSVDB ID: 27614
Related OSVDB ID: 27615
Related OSVDB ID: 27616
Related OSVDB ID: 27617
Other Advisory URL: http://seclab.tuwien.ac.at/advisories/TUVSA-0606-001.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0481.html
Mail List Post: http://attrition.org/pipermail/vim/2006-July/000950.html
Mail List Post: http://attrition.org/pipermail/vim/2006-August/000969.html
Keyword: TUVSA-0606-001
CVE ID: CVE-2006-3312
Bugtraq ID: 18620