← Advisories

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Medium

Advisory ID

ZSL-2017-5432

Release Date

29 August 2017

Vendor

NethServer.org - https://www.nethserver.org

Affected Version

7.3.1611-u1-x86_64

CVE

N/A

Tested On

Kernel 3.10.0.-514.el7.x86_64 on an x86_64, CentOS Linux 7.3.1611 (Core)

Summary

NethServer is an operating system for the Linux enthusiast, designed for small offices and medium enterprises. It's simple, secure and flexible.

Description

NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfig[Upload][Description]' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept

nethserver_xss.txtTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://www.zeroscience.mk/#/advisories/ZSL-2017-5433

[2]https://cxsecurity.com/issue/WLB-2017080191

[3]https://packetstormsecurity.com/files/143943

[4]https://www.exploit-db.com/exploits/42579/

[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/131087

Changelog

29.08.2017Initial release

31.08.2017Added reference [5]