SearchBlox 8.2 Cross Site Scripting Vulnerability

Vendor: SearchBlox Software, Inc.
Vulnerable Version(s): 8.2 and probably prior
Tested Version: 8.2
Advisory Publication:  April 22, 2015  [without technical details]
Vendor Notification: April 22, 2015 
Vendor Patch: May 26, 2015 
Public Disclosure: June 17, 2015 
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2015-3422
Risk Level: Low 
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered XSS vulnerability in SearchBlox, which can be exploited to perform Cross-Site Scripting attacks against the vulnerable web application administrators.

Input passed via the "menu2" HTTP GET parameter to "/searchblox/admin/main.jsp" script is not properly sanitised before being returned to the user. A remote attacker can trick a logged-in administrator to open a specially crafted link and execute arbitrary HTML and scripting code in his browser in context of the vulnerable website.

A simple XSS exploit below uses the "alert()" JS function to display a box with "ImmuniWeb" word:

http://[host]/searchblox/admin/main.jsp?menu1=adm&menu2=%22%3E%3Cscript%3Ealert%28%27ImmuniWeb%27%29;%3C/script%3E


-----------------------------------------------------------------------------------------------

Solution:

Update to SearchBlox 8.2.1

#  0day.today [2018-04-12]  #