Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Tine v2.0 Maischa Multiple Cross Site Scripting Vulnerabilities

🗓️ 13 Jan 2012 00:00:00Reported by longrifle0xType 
zdt
 zdt🔗 0day.today👁 30 Views

Tine v2.0 Maischa - Multiple Cross Site Scripting Vulnerabilities. Open source project combining groupware and CRM, web-based interface, addressing address book, calendar, email, tasks, time tracking, and CRM

Code
Title:
======
Tine v2.0 Maischa - Cross Site Scripting Vulnerability

Introduction:
=============
Tine 2.0 is an open source project which combines groupware and CRM in
one consistent interface. Tine 2.0 is web-based
and optimises collaboration and organisation of groups in a lasting
manner. Tine 2.0 unites all the advantages of open
source software with an extraordinarily high level of usability and an
equally high standard of professional software
development. This is what makes the difference between Tine 2.0 and
many other existing groupware solutions.
Tine 2.0 includes address book, calendar, email, tasks, time tracking
and CRM. Intelligent functions and links make
collaboration in Tine 2.0 a true pleasure and include:
 
    Synchronising mobile telephones, such as iPhone, Android, Nokia
and Windows Mobile
    VoiP integration
    Flexible assigning of authorisation rights
    Dynamic lists
    Search functions
    History
    PDF export
 
(Copy from the Vendor Homepage: http://www.tine20.org/)
 
 
Abstract:
=========
Vulnerability-Lab Team Researcher discovered multiple persistent Web
Vulnerabilities on the Tine v2.0 Content Management System.
 
 
Report-Timeline:
================
2011-12-01: Vendor Notification
2012-01-12: Public or Non-Public Disclosure
 
 
Status:
========
Published
 
 
Affected Products:
==================
MetaWays
Product: Tine CMS v2.0
 
 
Exploitation-Technique:
=======================
Remote
 
 
Severity:
=========
Medium
 
 
Details:
========
Multiple input validation vulnerabilities(persistent) are detected on
Tine v2.0 Content Management System. Local attackers
can include (persistent) malicious script code to manipulate specific
user/admin requests. The vulnerability allows an
local privileged attacker to  manipulate the appliance(application)
via persistent script code inject. Successful exploitation
can result in session hijacking or persistent context manipulation on requests.
 
Vulnerable Module(s):
                [+] New Contacts - Input & Output
                [+] Lead Name - Input & Output

Risk:
=====
The security risk of the persistent software vulnerability is
estimated as medium(-).
 
 
Credits:
========
Vulnerability Research Laboratory - Ucha Gobejishvili (longrifle0x)



#  0day.today [2018-04-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Jan 2012 00:00Current
7.1High risk
Vulners AI Score7.1
tine 2.0cross site scriptingweb-based interfaceinput validationmedium severitypersistent vulnerability
30