Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18400
HistoryNov 14, 2007 - 12:00 a.m.

[ISecAuditors Security Advisories] VTLS.web.gateway cgi is vulnerable to XSS

2007-11-1400:00:00
vulners.com
33
JSON

=============================================
INTERNET SECURITY AUDITORS ALERT 2006-004

  • Original release date: April 18, 2006
  • Last revised: November 13, 2007
  • Discovered by: Jesus Olmos Gonzalez
  • Severity: 1/5
    =============================================

I. VULNERABILITY

VTLS.web.gateway cgi is vulnerable to XSS

II. BACKGROUND

vtls.web.gateway cgi is a product from Visionary Technology in Library
Solutions.

VTLS Inc. is a leading global company that creates and provides
visionary technology in library solutions.

The company provide these solutions to a diverse customer base of more
than 900 libraries in over 32 countries.

III. DESCRIPTION

VTLS is vulnerable to a cross site scripting attack, it is possible to
execue html and javascript code in the browser of who cliks in a
malicious crafted link.

Here is a simple proof of concept that change html page as example. An
attacker could intercept the keyboard, or make CSRF to submit a form
of other page.

IV. PROOF OF CONCEPT

http://somevtlsweb.net/cgi-bin/vtls/vtls.web.gateway?authority=1&searchtype=subject%22%3E%3Ch1%3E%3Cmarquee%3EXSS%20bug%3C/marquee%3E%3C/h1%3E%3C!--&kind=ns&conf=080104+++++++

VI. SYSTEMS AFFECTED

All with this solution up to 48.1.0

VII. SOLUTION

Update to Version 48.1.1

VII. SOLUTION

Update to Version 48.1.1

VIII. REFERENCES

www.vtls.com

IX. CREDITS

This vulnerability has been discovered and reported by
Jesus Olmos Gonzalez (jolmos (at) isecauditors (dot) com).

X. REVISION HISTORY

April 18, 2006: Initial release.
November 13, 2007: Last revision.

XI. DISCLOSURE TIMELINE

February 27, 2006: The vulnerability discovered by
Internet Security Auditors.
April 18, 2006: Initial vendor notification sent.
No response
April 26, 2006: Second vendor notification sent.
Ping pong responses.
September 14, 2006: Third vendor notification sent.
No response.
December 01, 2006: Fourth vendor notification sent.
No response.
December 04, 2006: New patch coming.
No schedule.
January 02, 2007: Fifth vendor contact to ask for planning.
No response.
January 22, 2007: Sixth vendor contact to ask for planning.
Scheduled.
March 23, 2007: Seventh vendor contact to ask for planning.
Re-Scheduled.
May 22, 2007: Eigth vendor contact to ask for planning.
Re-Scheduled.
October 01, 2007: Nineth vendor contact to ask for planning.
Patch will be published in October.
November 09, 2007: Tenth. Version 48.1.1 has been approved for
general release and published.
November 13, 2007: Advisory Published.

XII. LEGAL NOTICES

The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.
Internet Security Auditors, S.L. accepts no responsibility for any
damage caused by the use or misuse of this information.

JSON