Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Snorby 2.6.2 Cross Site Scripting

🗓️ 03 Jul 2015 00:00:00Reported by Federico FazziType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 29 Views

Snorby 2.6.2 Stored Cross-site Scripting Vulnerability in event men

Code
`--------------------------------------------------------  
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability  
--------------------------------------------------------  
  
Vendor  
------  
  
https://www.snorby.org/  
  
  
Version  
-------  
  
2.6.2  
  
  
Description  
-----------  
  
During my research and testing of new IDS (Intrusion Detection System)  
like Suricata, I've  
found a Stored Cross-site Scripting (XSS) vulnerability in Snorby (that  
I'd like to use as  
web user interface for suricata). The vulnerability exists in the module  
for adding a new  
threat classification model where the user input is not correctly  
sanitized before being  
saved it on the database or for example the output is not properly  
filtered, before its  
rendering in the event/menu code, in this way the vector gets executed.  
  
  
Vulnerability  
-------------  
  
The output from the page snorby/app/views/events/_menu.html.erb is not  
properly sanitized  
before its rendering:  
  
--_menu.html.erb--  
<% @classifications.each do |cls| %>  
<% if cls.locked && cls.hotkey %>  
<%= drop_down_item "#{cls.name}#{cls.shortcut}", '#', nil, {  
:class => 'classification', :"data-classification-id" => cls.id.to_i } %>  
<% else %>  
<%= drop_down_item "#{cls.name}", '#', nil, { :class =>  
'classification', :"data-classification-id" => cls.id.to_i } %>  
<% end %>  
<% end %>  
--end--  
  
  
Mitigation  
----------  
  
A simple XSS mitigation on rails could be the usage of the sanitize, for  
example the code  
below filters the xss vector by removing the onerror attribute from the  
image tag:  
  
--_menu.html.erb--  
<% @classifications.each do |cls| %>  
<% if cls.locked && cls.hotkey %>  
<%= drop_down_item "#{sanitize cls.name}#{cls.shortcut}", '#',  
nil, { :class => 'classification', :"data-classification-id" =>  
cls.id.to_i } %>  
<% else %>  
<%= drop_down_item "#{sanitize cls.name}", '#', nil, { :class =>  
'classification', :"data-classification-id" => cls.id.to_i } %>  
<% end %>  
<% end %>  
--end--  
  
  
Solution  
--------  
  
Update to the latest version on Github.  
  
  
Disclosure  
----------  
  
30-06-2015 – Vendor notification  
(https://github.com/Snorby/snorby/issues/377)  
30-06-2015 – CVE id requested  
01-07-2015 - Vendor acknowledgement  
01-07-2015 - Vendor pushed a fix (commit-id:  
https://github.com/Snorby/snorby/commit/89d7cbcd3697c8a842f1a61b99e9a78f295798fb)  
  
  
Credits  
-------  
  
Federico Fazzi - [email protected]  
Web: http://deftcode.ninja  
  
--   
Federico Fazzi  
  
Mobile: +39 345 2327231 <tel:+3934%202327231>  
http://deftcode.ninja  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jul 2015 00:00Current
7.4High risk
Vulners AI Score7.4
snorbycross-site scriptingvulnerabilitymitigationupdatecvevendoridssuricata
29