CVE-2014-7293 NYU OpenSSO Integration XSS (Cross-Site Scripting) Web Security Vulnerability
Exploit Title: NYU OpenSSO Integration Logon Page url Parameter XSS
Product: OpenSSO Integration
Vendor: NYU
Vulnerable Versions: 2.1 and probability prior
Tested Version: 2.1
Advisory Publication: December 29, 2014
Latest Update: December 29, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7293
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discover and Writer: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description:
Vendor:
NYU
Product & Vulnerable Versions:
OpenSSO Integration
2.1
Vendor URL & Download:
OpenSSO Integration can be obtrained from here,
Product Description:
“NYU has integrated PDS with Sun’s OpenSSO Identity Management application. The PDS/OpenSSO integration uses PDS as the NYU Libraries’ single sign-on system and leverages NYU’s OpenSSO system to provide seamless interaction between library applications and university services. The integration merges patron information from OpenSSO (e.g. name, email, e-resources access) with patron information from Aleph (e.g. borrower status and type) to ensure access to the multitude of library services.”
“The NYU Libraries operate in a consortial environment in which not all users are in OpenSSO and not all OpenSSO users are in Aleph. PDS is hosted in an active/passive capacity on our Primo front-end servers. Due to the nature of PDS and Aleph, patrons are required to have an Aleph account in order to login to the library’s SSO environment. The exception to this rule is EZProxy.”
“Author: Scot Dalton
Additional author(s):
Institution: New York University
Year: 2009
License: BSD style
Short description: Use, modification and distribution of the code are permitted provided the copyright notice, list of conditions and disclaimer appear in all related material.
Link to terms: [Detailed license terms]”
(2) Vulnerability Details:
NYU Opensso Integration web application has a computer cyber security bug problem. Hacker can exploit it by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Other similar products 0day vulnerabilities have been found by some other bug hunter researchers before. NYU has patched some of them. Web Security Watch is an aggregator of security reports coming from various sources. It aims to provide a single point of tracking for all publicly disclosed security issues that matter. “Its unique tagging system enables you to see a relevant set of tags associated with each security alert for a quick overview of the affected products. What’s more, you can now subscribe to an RSS feed containing the specific tags that you are interested in – you will then only receive alerts related to those tags.” It has published suggestions, advisories, solutions details related to website vulnerabilities.
(2.1) The vulnerability occurs at “PDS” service’s logon page, with “&url” parameter,
References:
http://tetraph.com/security/cves/cve-2014-7293-ex-libris-patron-directory-services-pds-xss
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7293
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7293
http://seclists.org/fulldisclosure/2014/Dec/125
http://www.securityfocus.com/bid/71812
http://computerobsess.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://whitehatview.tumblr.com/post/110719704806/shellmantis-cve-2014-7293-nyu-opensso
http://itsecurity.lofter.com/post/1cfbf9e7_5c667f0
http://tetraph.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://tetraph.blog.163.com/blog/static/234603051201511084313351/
http://lists.kde.org/?a=139222176300014&r=1&w=2
http://www.inzeed.com/kaleidoscope/computer-security/cve-2014-7293
http://mathswift.blogspot.com/2015/02/cve-2014-7293-nyu-opensso-integration.html
http://marc.info/?a=139222176300014&r=1&w=4
https://computertechhut.wordpress.com/2015/02/10/cve-2014-7293-nyu-opensso
http://diebiyi.com/articles/security/xss-vulnerability/cve-2014-7293
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS
Product: TennisConnect COMPONENTS System
Vendor: TennisConnect
Vulnerable Versions: 9.927
Tested Version: 9.927
Advisory Publication: Nov 18, 2014
Latest Update: Nov 18, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8490
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor URL:
http://www.tennisconnect.com/products.cfm#Components
Product Description:
TennisConnect COMPONENTS
* Contact Manager (online player database)
* Interactive Calendar including online enrollment
* League & Ladder Management through Tencap Tennis
* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)
* Multi-Administrator / security system with Page Groups
* Member Administration
* MobileBuilder
* Online Tennis Court Scheduler
* Player Matching (Find-a-Game)
* Web Site Builder (hosted web site and editing tools at www. your domain name .com)
(2) Vulnerability Details.
TennisConnect COMPONENTS System has a security problem. It is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “/index.cfm?” page, with “&pid” parameter.
References:
http://packetstormsecurity.com/files/129662/TennisConnect-9.927-Cross-Site-Scripting.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8490
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8490
http://www.osvdb.org/show/osvdb/116149
http://cve.scap.org.cn/CVE-2014-8490.html
http://en.hackdig.com/?11701.htm
http://seclists.org/fulldisclosure/2014/Dec/83
http://securitypost.tumblr.com/
http://computerobsess.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://whitehatpost.blog.163.com/blog/static/2422320542015110102316210/#
http://tetraph.blogspot.com/2015/02/cve-2014-8490-tennisconnect-components.html
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1352
CVE-2014-8752 JCE-Tech “Video Niche Script” XSS (Cross-Site Scripting) Security Vulnerability
Advisory Details:
(1) Vendor URL:
http://jce-tech.com/products/
Product Description:
“The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users’ site, but streamed from the YouTube servers.”
(2) Vulnerability Details.
JCE-Tech “Video Niche Script” is vulnerable to XSS attacks.
(2.1) The vulnerability occurs at “view.php” page with “video”, “title” parameters.
CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
References:
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
CVE-2014-9468 InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: InstantASP InstantForum.NET Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: InstantForum.NET
Vendor: InstantASP
Vulnerable Versions: v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Tested Version: v4.1.3 v4.1.1 v4.1.2
Advisory Publication: Feb 18, 2015
Latest Update: Feb 18, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9468
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]
Advisory Details:
(1) Vendor & Product Description:
Vendor:
InstantASP
Product & Version:
InstantForum.NET
v4.1.3 v4.1.1 v4.1.2 v4.0.0 v4.1.0 v3.4.0
Vendor URL & Download:
InstantForum.NET can be downloaded from here,
http://docs.instantasp.co.uk/InstantForum/default.html?page=v413tov414guide.html
Product Introduction:
“InstantForum.NET is a feature rich, ultra high performance ASP.NET & SQL Server discussion forum solution designed to meet the needs of the most demanding online communities or internal collaboration environments. Now in the forth generation, InstantForum.NET has been completely rewritten from the ground-up over several months to introduce some truly unique features & performance enhancements.”
“The new administrator control panel now offers the most comprehensive control panel available for any ASP.NET based forum today. Advanced security features such as role based permissions and our unique Permission Sets feature provides unparalleled configurable control over the content and features that are available to your users within the forum. Moderators can easily be assigned to specific forums with dedicated moderator privileges for each forum. Bulk moderation options ensure even the busiest forums can be managed effectively by your moderators.”
“The forums template driven skinning architecture offers complete customization support. Each skin can be customized to support a completely unique layout or visual appearance. A single central style sheet controls every aspect of a skins appearance. The use of unique HTML wrappers and ASP.NET 1.1 master pages ensures page designers can easily integrate an existing design around the forum. Skins, wrappers & master page templates can be applied globally to all forums or to any specific forum.”
(2) Vulnerability Details:
InstantForum.NET has a security problem. It can be exploited by XSS attacks.
(2.1) The first vulnerability occurs at “Join.aspx” page with “SessionID” parameter of it.
(2.2) The second vulnerability occurs at “Logon.aspx” page with “SessionID” parameter of it.
References:
Computer & Web Vulnerabilities 