Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

From:	S21sec labs <s21seclabs_(at)_s21sec.com>
Date:	17.06.2008
Subject:	[Full-disclosure] S21SEC-044-en:OpenDocMan Cross Site Scripting (XSS)

##############################################################

                    - S21Sec Advisory -

##############################################################

     Title:  OpenDocMan Cross Site Scripting (XSS)
        ID:  S21sec-044-en
  Severity:  Low
   History:  15.Apr.2008 Vulnerability discovered
                   16.Apr.2008 Vendor contacted
                   27.May.2008 Patch available
     Scope:  Cross Site Scripting XSS
 Platforms:  Any
    Author:  Sergi Roselló (srosello@s21sec.com)
       URL:  http://www.s21sec.com/avisos/s21sec-044-en.txt
   Release:  Public


[ SUMMARY ]

OpenDocMan is a free document management system (DMS) designed to
comply with ISO 17025 and OIE standard for document management. It
features web based access, fine grained control of access to files,
and automated install and upgrades.


[ AFFECTED VERSIONS ]

This vulnerability has been tested in version v1.2.5 (March, 2nd 2007).


[ DESCRIPTION ]

An insufficient input validation allows code injection in the
parameter 'last_message'. Example:
http://server/opendocman-1.2.5/out.
php?last_message=%3Cscript%3Ealert(document.
cookie)%3C/script%3E


[ WORKAROUND ]

There is  patch available in the following url:
https://sourceforge.net/tracker/index.
php?func=detail&aid=1975163&group_id=69505&atid=524753


[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

   - Sergi Roselló <srosello@s21sec.com> S21sec


[ REFERENCES ]

* OpenDocman
 http://opendocman.com/

* S21sec
  http://www.s21sec.com

* S21sec Blog
  http://blog.s21sec.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/