← Advisories

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

Low

Advisory ID

ZSL-2016-5316

Release Date

13 April 2016

Vendor

Innovation Gate GmbH - https://www.openwga.com

Affected Version

OpenWGA Content Manager 7.1.9 (Build 230), OpenWGA Admin Client 7.1.7 (Build 82), OpenWGA Server 7.1.9 Maintenance Release (Build 642)

CVE

N/A

Tested On

Apache/2.2.14 (Ubuntu), Apache Tomcat/6.0.41, Apache-Coyote/1.1

Summary

OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more.

Description

OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept

openwga_xss.txtTXT

Disclosure Timeline

23.02.2016Vulnerability discovered.

28.02.2016Vendor contacted.

12.04.2016No response from the vendor.

13.04.2016Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://cxsecurity.com/issue/WLB-2016040092

[2]https://packetstormsecurity.com/files/136681

[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/112261

Changelog

13.04.2016Initial release

14.04.2016Added reference [1] and [2]

19.04.2016Added reference [3]