Advisory ID: HTB23210
Product: Offiria
Vendor: Slashes & Dots Sdn Bhd.
Vulnerable Version(s): 2.1.0 and probably prior
Tested Version: 2.1.0
Advisory Publication: April 2, 2014 [without technical details]
Vendor Notification: April 2, 2014
Public Disclosure: May 7, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-2689
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered a vulnerability in Offiria, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users of the vulnerable application.
1) Reflected Cross-Site Scripting (XSS) in Offiria: CVE-2014-2689
The vulnerability exists due to insufficient sanitisation of user-supplied data in the URI after the "/installer/index.php" script, which is not removed from the system by default. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.
The following exploitation example displays the word "immuniweb":
http://[host]/installer/index.php/%22onmouseover%3d%22alert%28%27immuniweb%27%29;%22%3d%22%3E
-----------------------------------------------------------------------------------------------
Solution:
Currently we are not aware of any official solution for this vulnerability. The vendor did not respond to:
- 6 notifications by email
- 1 notification via twitter
- 1 notification via GitHub
As a temporary solution it is recommended to remove the vulnerable script or to restrict access to it via an .htaccess file or a WAF.
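An added defender-side example, not part of the advisory: a small Python scanner over constructed Apache access-log lines that flags any request reaching the installer script (which should have been removed) and, separately, requests whose path suffix after /installer/index.php decodes to markup or an event-handler attribute, as in the proof-of-concept URI above. The log lines and IP addresses are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache combined format). The second line
# carries the advisory's published proof-of-concept path suffix.
SAMPLE_LOG = """\
203.0.113.5 - - [07/May/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [07/May/2014:10:02:15 +0000] "GET /installer/index.php/%22onmouseover%3d%22alert%28%27immuniweb%27%29;%22%3d%22%3E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [07/May/2014:10:03:44 +0000] "GET /installer/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [07/May/2014:10:04:01 +0000] "GET /installer/index.php/step2 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"')
# The installer script reflects whatever follows it in the path (PATH_INFO).
INSTALLER_RE = re.compile(r'^/installer/index\.php(?P<pathinfo>/[^?]*)?(?:\?|$)', re.IGNORECASE)
# Tokens that have no business in a path segment of the installer.
MARKUP_RE = re.compile(r'[<>"\']|on\w+\s*=|javascript:', re.IGNORECASE)


def classify(uri: str) -> str:
    """Return 'clean', 'installer' (script still reachable) or 'xss-probe'."""
    m = INSTALLER_RE.match(uri)
    if not m:
        return "clean"
    pathinfo = m.group("pathinfo") or ""
    # Decode twice so double-percent-encoded suffixes are inspected as well.
    decoded = unquote(unquote(pathinfo))
    if MARKUP_RE.search(decoded):
        return "xss-probe"
    return "installer"


def scan(log_text: str) -> list:
    """Return (client_ip, verdict, decoded_uri) for every non-clean request."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable combined-format line
        verdict = classify(m.group("uri"))
        if verdict != "clean":
            findings.append((m.group("ip"), verdict, unquote(m.group("uri"))))
    return findings


if __name__ == "__main__":
    for ip, verdict, uri in scan(SAMPLE_LOG):
        print(f"{verdict:10} {ip:15} {uri}")
```

Any 'installer' hit means the script is still deployed and the temporary mitigation above has not been applied; an 'xss-probe' hit is worth correlating with the requesting client.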
-----------------------------------------------------------------------------------------------
References:
[1] High-Tech Bridge Advisory HTB23210 - https://www.htbridge.com/advisory/HTB23210 - Cross-Site Scripting (XSS) in Offiria.
[2] Offiria - https://offiria.com - Offiria is a private, secure Enterprise Social Network for your organization.
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[4] ImmuniWeb® - https://portal.htbridge.com/ - is High-Tech Bridge's proprietary web application security assessment solution with SaaS delivery model that combines manual and automated vulnerability testing.
-----------------------------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.