Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Libero Cross Site Scripting

🗓️ 23 Feb 2009 00:00:00Reported by Oliver GreiterType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 48 Views

Libero Cross-Site Scripting Vulnerability in Libero v5.3 SP5 - Impact: Cookie/credential theft, impersonation, loss of confidentiality, Remote attack vecto

Related
Code
ReporterTitlePublishedViews
Family
CVE		CVE-2009-0540
25 Feb 200916:00
cve
Cvelist		CVE-2009-0540
25 Feb 200916:00
cvelist
EUVD		EUVD-2009-0544
7 Oct 202500:30
euvd
NVD		CVE-2009-0540
25 Feb 200916:30
nvd
Prion		Cross site scripting
25 Feb 200916:30
prion
`Libero Cross-Site Scripting Vulnerability - Security Advisory - SOS-09-001  
  
Release Date. 23-Feb-2009  
Vendor Notification Date. 20-Oct-2008  
Product. Libero  
Platform. Windows (verified), possibly others  
Affected versions. Libero v5.3 SP5 (verified), possibly others  
Severity Rating. Medium  
Impact. Cookie/credential theft, impersonation, loss of confidentiality  
Attack Vector. Remote  
Solution Status. Vendor patch not yet available  
CVE reference. CVE-2009-0540  
  
Details.  
Libero is a library management system. During an application penetration test Sense of Security identified a cross-site scripting vulnerability in the search feature of the Libero web application. This occurred as a result of the application not properly filtering HTML tags which allowed malicious Javascript to be embedded. When input is incorrectly validated and not properly sanitised and then displayed in a web page, attackers can trick users into viewing the web page and causing malicious code to be executed.   
  
Proof of Concept.  
You can test the susceptibility of your system to this issue by entering the following string into the search term form field and clicking 'search'.  
<script>alert(document.cookie)</script>  
A vulnerable site will return the users' session ID.  
  
Solution.  
The vendor has advised that the fix will be made available in Libero v5.5 SP1.   
A fix will not be made available for previous versions.  
  
Discovered by.  
Oliver Greiter from SOS Labs.  
  
About us.  
Sense of Security is a leading provider of IT security and risk management solutions. Our team has expert skills in assessment and assurance, strategy and architecture, and deployment through to ongoing management. We are Australia's premier application security consultancy and trusted IT security advisor to many of the countries largest organisations.  
  
Sense of Security Pty Ltd   
Level 3, 66 King St  
Sydney NSW 2000  
AUSTRALIA  
  
T: +61 (0)2 9290 4444  
F: +61 (0)2 9290 4455  
W: http://www.senseofsecurity.com  
E: [email protected]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Feb 2009 00:00Current
6.8Medium risk
Vulners AI Score6.8
EPSS0.00329
liberocross-site scriptingvulnerabilitycookie theftimpersonationconfidentialityremote attackvendor patchcve-2009-0540sense of securitysos labs
48