VuFind 1.0 Reflected XSS (Cross-site Scripting) Application 0-Day Web Security Bug
Exploit Title: VuFind Results page "lookfor" parameter Reflected XSS Web Security Vulnerability
Product: VuFind
Vendor: VuFind
Vulnerable Versions: 1.0
Tested Version: 1.0
Advisory Publication: September 20, 2015
Latest Update: September 25, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Discoverer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Caution Details:
(1) Vendor & Product Description:
Vendor: VuFind
Product & Vulnerable Versions: VuFind 1.0
Vendor URL & Download:
Product can be obtained from the vendor's site.
Product Introduction Overview:
"VuFind is a library resource portal designed and developed for libraries by
libraries. The goal of VuFind is to enable your users to search and
browse through all of your library's resources by replacing the
traditional OPAC to include: Catalog Records, Locally Cached Journals,
Digital Library Items, Institutional Repository, Institutional
Bibliography, Other Library Collections and Resources. VuFind is
completely modular so you can implement just the basic system, or all of
the components. And since it's open source, you can modify the modules
to best fit your need or you can add new modules to extend your resource
offerings. VuFind runs on Solr Energy. Apache Solr, an open source
search engine, offers amazing performance and scalability to allow for
VuFind to respond to search queries in milliseconds time. It has the
ability to be distributed if you need to spread the load of the catalog
over many servers or in a server farm environment. VuFind is offered for
free through the GPL open source license. This means that you can use
the software for free. You can modify the software and share your
successes with the community! Take a look at our VuFind Installations
Wiki page to see how a variety of organizations have taken advantage of
VuFind's flexibility. If you are already using VuFind, feel free to edit
the page and share your accomplishments."
(2) Vulnerability Details:
The VuFind web application is vulnerable to reflected cross-site scripting (XSS).
A remote attacker can create a specially crafted request that, when a user
opens it, executes arbitrary script code in that user's browser session within
the trust relationship between their browser and the server.
Several similar 0-day vulnerabilities in this product have been found by other researchers before, and VuFind has patched some of them. "scip AG was founded in 2002. We are driven by innovation, sustainability, transparency, and enjoyment of our work. We are completely self-funded and are thus in the comfortable position to provide completely independent and neutral services. Our staff consists of highly specialized experts who focus on the topic of information security and continuously further their expertise through advanced training."
(2.1) The flaw is in the "lookfor" parameter of the "/vufind/Resource/Results" page: the search term is reflected into the response without adequate output encoding.
Another researcher has previously reported a similar vulnerability, which VuFind has patched.
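As an added example (not part of the original advisory or the VuFind project), the following defender-side check scans web server access log lines for requests to the Results page named above whose "lookfor" value carries HTML markup, so that attempts against an unpatched instance can be spotted in logs. The log entries and client addresses are constructed; the path and parameter names are those given in this advisory, and the markup pattern is a heuristic.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Path and parameter named in the advisory.
WATCHED_PATH = "/vufind/Resource/Results"
WATCHED_PARAM = "lookfor"
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic: tags, inline event handlers and javascript: URLs do not belong in a search term.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.IGNORECASE)


def decode_fully(value, rounds=3):
    """Strip nested percent-encoding so a double-encoded value is inspected decoded."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_lookfor(log_line):
    """Return the decoded lookfor value when the line hits the Results page with markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if url.path.rstrip("/") != WATCHED_PATH:
        return None  # other pages are outside the scope of this advisory
    # parse_qs removes one layer of percent-encoding; decode_fully handles anything nested.
    for raw in parse_qs(url.query, keep_blank_values=True).get(WATCHED_PARAM, []):
        term = decode_fully(raw)
        if MARKUP_RE.search(term):
            return term
    return None


def scan(lines):
    """(line number, decoded term) for every suspicious entry."""
    return [(n, t) for n, line in enumerate(lines, 1) if (t := suspicious_lookfor(line)) is not None]


# Constructed sample entries (client addresses from the 203.0.113.0/24 documentation range).
SAMPLE_LOG = [
    '203.0.113.5 - - [20/Sep/2015:10:01:02 +0000] "GET /vufind/Resource/Results?lookfor=shakespeare&type=AllFields HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/Sep/2015:10:01:09 +0000] "GET /vufind/Resource/Results?lookfor=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 5230',
    '203.0.113.9 - - [20/Sep/2015:10:02:41 +0000] "GET /vufind/Resource/Results?lookfor=%253Cimg%2520src%253Dx%2520onerror%253Dalert%281%29%253E HTTP/1.1" 200 5230',
]
```

Running `scan(SAMPLE_LOG)` reports the second and third entries (the third only because the double-encoded value is decoded before matching) and ignores the ordinary search on the first line.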
(3) Solution:
Update to the latest version.