← Advisories

Sakai 10.7 Multiple Vulnerabilities

Medium

Advisory ID

ZSL-2016-5358

Release Date

21 August 2016

Vendor

Apereo Foundation - https://www.sakaiproject.org

Affected Version

10.7 (Kernel 10.7)

CVE

N/A

Tested On

Apache-Coyote/1.1

Summary

Sakai is a free, community source, educational software platform designed to support teaching, research and collaboration. Systems of this type are also known as Course Management Systems (CMS), Learning Management Systems (LMS), or Virtual Learning Environments (VLE).

Description

Sakai suffers from multiple reflected cross-site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Also there is a file disclosure vulnerability when calling custom tool script. It is not properly verified before being used to read files. This can be exploited to disclose contents of files from local resources.

Proof of Concept

sakai_xss.txtTXT

Disclosure Timeline

29.06.2016Vulnerability discovered.

17.07.2016Contact with the vendor.

18.07.2016Vendor responds giving security contact.

18.07.2016Contact with the security team.

18.07.2016Vendor responds asking more details.

18.07.2016Sent details to the vendor.

19.07.2016Vendor confirms the vulnerabilities.

15.08.2016Vendor releases fixed version 11.0 and 11.1 to address these issues.

21.08.2016Coordinated public security advisory released.