XSS vulnerability in Jaws

Vulnerability ID: HTB22357
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_jaws.html
Product: Jaws
Vendor: Jaws Project
Vulnerable Version: 0.8.12 and Probably Prior Versions
Vendor Notification: 23 April 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA (http://www.htbridge.ch/)

Vulnerability Details:
An attacker can execute arbitrary JavaScript code in the context of the vulnerable application.

The vulnerability exists because the "edit profile" module fails to properly sanitize user-supplied input in the "URL" parameter before writing it back into the page. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.

An attacker can exploit this vulnerability with a web browser. The following PoC is available; the value closes the quoted attribute into which the URL is written, then adds a style that stretches the element over the whole viewport and an onmouseover handler, so the script fires as soon as a visitor moves the mouse across the page:

URL= http://google.com/"; style="position:absolute; width: 100%; height: 100%; width:100%; top: 0px; right: 0px;" onmouseover="alert(document.cookie)
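As an added worked example (not code from Jaws or from High-Tech Bridge), the JavaScript below reconstructs the rendering mistake the PoC relies on and places a hardened version beside it. It assumes the profile URL is written into a double-quoted href attribute, which is the context the PoC's leading `"` breaks out of; the function and variable names are invented for the illustration.

```javascript
// Added illustrative example, NOT code from Jaws: shows why writing an
// unencoded profile URL into an href attribute lets the advisory's PoC
// inject new attributes, and what the hardened rendering looks like.
// Assumption: the "URL" profile field is echoed into a double-quoted
// href attribute (the PoC's leading `"` only makes sense in that context).

// PoC value from the advisory, copied verbatim.
const POC_URL =
  'http://google.com/"; style="position:absolute; width: 100%; height: 100%; ' +
  'width:100%; top: 0px; right: 0px;" onmouseover="alert(document.cookie)';

// Vulnerable pattern: raw interpolation into a quoted attribute. The first
// `"` in the value ends href early; everything after it becomes markup.
function renderProfileLinkVulnerable(url) {
  return `<a href="${url}">Homepage</a>`;
}

// HTML attribute encoding: replace every character that can end or alter
// a quoted attribute value with a character reference.
function encodeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Scheme allow-list: encoding alone does not stop `javascript:` in href,
// so only absolute http(s) URLs are accepted; anything else is rejected.
function sanitizeProfileUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw).trim()); // WHATWG URL parser (Node global)
  } catch (e) {
    return null; // unparseable input: no URL at all
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href; // normalised form; `"` and spaces are percent-encoded
}

// Hardened pattern: validate the scheme, then encode for the attribute context.
function renderProfileLinkSafe(url) {
  const clean = sanitizeProfileUrl(url);
  if (clean === null) return '<span>Homepage</span>'; // no link at all for bad input
  return `<a href="${encodeHtmlAttr(clean)}">Homepage</a>`;
}

// Rough attribute extraction for the opening <a ...> tag: lists every
// `name="` sequence that an HTML parser would treat as a new attribute.
function attributeNames(html) {
  const openTag = html.slice(0, html.indexOf('>') + 1);
  return Array.from(openTag.matchAll(/\s([a-zA-Z-]+)="/g), (m) => m[1]);
}

// Stand-alone demonstration.
console.log(attributeNames(renderProfileLinkVulnerable(POC_URL))); // [ 'href', 'style', 'onmouseover' ]
console.log(attributeNames(renderProfileLinkSafe(POC_URL)));       // [ 'href' ]
console.log(sanitizeProfileUrl('javascript:alert(document.cookie)')); // null
```

Run it with node. The vulnerable renderer turns the single URL value into three attributes, the last of which is an event handler, while the hardened renderer yields one href whose value contains no quote characters. The scheme check is kept separate from the encoding step on purpose: attribute encoding alone would still let a `javascript:` URL through as a perfectly well-formed href.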
