← Advisories

docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities

Low
Advisory ID
ZSL-2011-5010
Release Date
20 April 2011
Vendor
docuFORM GmbH - http://www.docuform.de
Affected Version
6.16a and 5.20
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Mercury HTTP and Database Server 6.16
Summary

Unlimited options for production printing and customer solutions.

Description

The Mercury Web Application suffers from multiple XSS vulnerabilities when parsing user input thru the GET parameter 'this_url' and the POST parameter 'aa_sfunc' in f_state.php, f_list.php, f_job.php and f_header.php scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
mercury_xss.htmlTXT
Disclosure Timeline
14.04.2011Vulnerability discovered.
16.04.2011Vendor contact.
19.04.2011No reply from vendor.
20.04.2011Public advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.exploit-db.com/exploits/17192/
[2]http://www.securityfocus.com/bid/47506
[3]http://securityreason.com/exploitalert/10358
[4]http://packetstormsecurity.org/files/100625
[5]http://secunia.com/advisories/44209
[6]http://xforce.iss.net/xforce/xfdb/66986
[7]http://osvdb.org/show/osvdb/72137
[8]http://osvdb.org/show/osvdb/72138
[9]http://osvdb.org/show/osvdb/72139
[10]http://osvdb.org/show/osvdb/72140
Changelog
20.04.2011Initial release
21.04.2011Added reference [3], [4] and [5]
23.04.2011Added reference [6]
10.05.2011Added reference [7], [8], [9] and [10]