
NS International Train Tickets v7.31.4 Reflected XSS Vulnerability

Medium
Advisory ID: ZSL-2017-5441
Release Date: 24 December 2017
Vendor: NS International BV - https://www.nsinternational.nl
Affected Version: 7.31.4
CVE: N/A
Tested On: Opera 49.0.2725.39, Google Chrome 60.0.3112.90, Firefox Quantum 57.0.1
Summary

NS International Train Tickets is a web application used by NS International (Dutch railways) to manage (search, book, plan, buy) train tickets for international travel from the Netherlands.

Description

The 'bookingConfirm' confirmation page of NS International Train Tickets is vulnerable to reflected XSS. Input supplied in the 'dnr' query string parameter is reflected in the validationMismatch.html page. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site.
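
The fix pattern for this class of bug, shown as an added example (not code from the vendor or from this advisory): a query-string value rendered into a page with and without output encoding, plus a regression check that flags a renderer reflecting markup unencoded. The template text, function names and the 'dnr' format are assumptions.

```javascript
// Added example. The template text, function names and the dnr format are
// assumptions; none of this is taken from the affected application.
const TEMPLATE = '<p>Booking reference <b>{{dnr}}</b> could not be validated.</p>';

// Before: the query-string value goes into the markup unchanged.
function renderUnsafe(dnr) {
  return TEMPLATE.replace('{{dnr}}', () => dnr);
}

// Encode the five characters that can change the HTML parsing context.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// After: encode on output, whatever the value is.
function renderSafe(dnr) {
  return TEMPLATE.replace('{{dnr}}', () => escapeHtml(dnr));
}

// Assumed reference format (1-12 letters or digits), enforced as an allow-list.
const DNR_FORMAT = /^[A-Za-z0-9]{1,12}$/;

// Hypothetical handler: reject malformed references, and still encode valid ones
// so that loosening the allow-list later cannot reintroduce the reflection.
function handleMismatch(queryString) {
  const dnr = new URLSearchParams(queryString).get('dnr') ?? '';
  if (!DNR_FORMAT.test(dnr)) {
    return { status: 400, body: renderSafe('') };
  }
  return { status: 200, body: renderSafe(dnr) };
}

// Regression check: does a renderer return a markup probe unencoded?
const PROBE = '<i id="probe">&\'</i>'; // constructed test value
function reflectsRawMarkup(render) {
  return render(PROBE).includes(PROBE);
}

console.log('unsafe reflects probe:', reflectsRawMarkup(renderUnsafe));
console.log('safe reflects probe:  ', reflectsRawMarkup(renderSafe));
console.log(handleMismatch('dnr=ABC1234'));
console.log(handleMismatch('dnr=' + encodeURIComponent(PROBE)).status);
```

Running the same probe against every page that echoes request parameters turns this into a repeatable check for reintroduced reflections.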

Proof of Concept
Disclosure Timeline
15.10.2017 - Vulnerability discovered.
16.10.2017 - Vendor communicated via Twitter.
17.10.2017 - Vendor replied back. Details about the vulnerability sent.
15.11.2017 - Vulnerability fixed by the vendor.
24.12.2017 - Public security advisory released.
Credits
Vulnerability discovered by Stefan Petrushevski
References
Changelog
24.12.2017 - Initial release