
php-font-lib 0.3 Cross Site Scripting

24 Mar 2014 | Reported by Daniel Marques | Type: packetstorm | Source: packetstormsecurity.com

php-font-lib 0.3 Cross-site Scripting vulnerability in make_subset.ph

`==========================================================  
php-font-lib - Subset maker (make_subset.php) Reflected Cross-site Scripting  
Revision 1.0  
==========================================================  
Author: Daniel C. Marques (@0xc0da)  
Release date: 2014-03-23  
Reference: http://codalabs.net/cla-2014-001  
  
Disclosure Timeline  
===============  
2014-03-19 - Developer notified.  
2014-03-19 - Developer patch.  
2014-03-20 - CVE-2014-2570 assigned.  
2014-03-23 - Public disclosure.  
  
Product Information  
===============  
Product: php-font-lib  
Description: A library to read, parse, export and make subsets of different types of font files.  
Developer: Fabien Ménager  
Website: https://github.com/PhenX/php-font-lib  
  
Overview  
=======  
The Subset maker in the affected php-font-lib versions is vulnerable to reflected cross-site scripting. This vulnerability might allow remote unauthenticated attackers to inject arbitrary JavaScript or HTML via the ‘name’ parameter. The flaw exists because the contents of ‘name’ are not sanitized before they are inserted into the web page.  
  
Vulnerability Information  
==================  
Vulnerability: Reflected Cross-site Scripting  
CVE Identifier: CVE-2014-2570  
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)  
CWE Identifier: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')  
Affected releases: 0.3  
  
Vulnerability details  
==============  
The make_subset.php script in the ‘www’ directory does not sanitize the contents of the ‘name’ parameter before echoing it to the user. The vulnerable piece of code is shown below:  
  
<h1><?php echo $name ?></h1>  
  
This vulnerability can be used to inject JavaScript code that is rendered by the browser. For a successful attack, an attacker must trick the user into accessing a crafted URL (e.g., using social engineering).  
  
Proof-of-Concept  
=============  
http://www.example.com/php-font-lib/www/make_subset.php?fontfile=../fonts/Norasi.ttf&name=<script>alert('XSS')</script>  
  
Solution  
======  
The developer reports that version 0.3.1 fixes the issue.  
  
Credits  
======  
Vulnerability identified and reported by Daniel C. Marques (@0xc0da).   
  
  
References  
=========  
[1] https://github.com/PhenX/php-font-lib  
[2] https://github.com/PhenX/php-font-lib/releases/tag/0.3.1  
[3] https://cwe.mitre.org/data/definitions/79.html  
[4] http://codalabs.net/cla-2014-001  
`
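The echo shown under "Vulnerability details", next to an output-encoded form, as an added example: this is not code from the advisory or from php-font-lib, and it is not the project's 0.3.1 patch. The function names and the sample requests are constructed for illustration.

```php
<?php
// Added illustration; not php-font-lib code. Function names are hypothetical.

// Read 'name' from a query array. PHP turns name[]=x into an array, so
// anything that is not a string is treated as absent.
function request_name(array $query): string
{
    $value = $query['name'] ?? '';
    return is_string($value) ? $value : '';
}

// The pattern the advisory flags: the value reaches the page unencoded.
function render_heading_vulnerable(string $name): string
{
    return '<h1>' . $name . '</h1>';
}

// Hardened form: encode for HTML text context at the point of output.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function render_heading_escaped(string $name): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;
    return '<h1>' . htmlspecialchars($name, $flags, 'UTF-8') . '</h1>';
}

// Constructed sample requests: the advisory's PoC value, a benign name
// containing '&', and an array-valued parameter.
$requests = [
    ['name' => "<script>alert('XSS')</script>"],
    ['name' => 'Norasi & Norasi Bold'],
    ['name' => ['unexpected', 'array']],
];

foreach ($requests as $query) {
    $name  = request_name($query);
    $raw   = render_heading_vulnerable($name);
    $safe  = render_heading_escaped($name);
    // Strip the literal <h1>...</h1> wrapper and confirm no markup survives.
    $inner = (string) substr($safe, 4, -5);
    $clean = strpbrk($inner, '<>') === false ? 'yes' : 'no';
    printf("raw:     %s\nescaped: %s\nmarkup-free: %s\n\n", $raw, $safe, $clean);
}
```

Encoding at the point of output, rather than filtering on input, keeps the stored or passed value intact while making it inert in the HTML context where it is echoed.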
