← Advisories

LogicalDOC Enterprise 7.7.4 Reflected Cross-Site Scripting Vulnerabilities

Medium

Advisory ID

ZSL-2018-5449

Release Date

11 February 2018

Vendor

LogicalDOC Srl - https://www.logicaldoc.com

Affected Version

7.7.4, 7.7.3, 7.7.2, 7.7.1, 7.6.4, 7.6.2, 7.5.1, 7.4.2, 7.1.1

CVE

N/A

Tested On

Microsoft Windows 10, Linux Ubuntu 16.04, Java 1.8.0_161, Apache-Coyote/1.1, Apache Tomcat/8.5.24, Apache Tomcat/8.5.13, Undisclosed 8.41

Summary

LogicalDOC is a free document management system that is designed to handle and share documents within an organization. LogicalDOC is a content repository, with Lucene indexing, Activiti workflow, and a set of automatic import procedures.

Description

LogicalDOC suffers from multiple reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept

logicaldoc_xss.htmlTXT

Disclosure Timeline

26.01.2018Vulnerabilities discovered.

30.01.2018Vendor contacted.

07.02.2018No response from the vendor.

08.02.2018Vendor contacted again.

10.02.2018No response from the vendor.

11.02.2018Public security advisory released.

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]https://packetstormsecurity.com/files/146351

[2]https://cxsecurity.com/issue/WLB-2018020145

[3]https://exchange.xforce.ibmcloud.com/vulnerabilities/139086

Changelog

11.02.2018Initial release

21.02.2018Added reference [1], [2] and [3]