Zero Science Lab » OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability

Title: OpenWGA Content Manager 7.1.9 User-Agent HTTP Header XSS Vulnerability
Advisory ID: ZSL-2016-5316
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (2/5)
Release Date: 13.04.2016

Summary

OpenWGA is an advanced open source java based enterprise CMS platform featuring real WYSIWYG, a state of the art CMS IDE and more.

Description

OpenWGA suffers from a cross-site scripting vulnerability when input passed via the User-Agent HTTP header is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Vendor

Innovation Gate GmbH - https://www.openwga.com

Affected Version

OpenWGA Content Manager 7.1.9 (Build 230)
OpenWGA Admin Client 7.1.7 (Build 82)
OpenWGA Server 7.1.9 Maintenance Release (Build 642)

Tested On

Apache/2.2.14 (Ubuntu)
Apache Tomcat/6.0.41
Apache-Coyote/1.1

Vendor Status

[23.02.2016] Vulnerability discovered.
[28.02.2016] Vendor contacted.
[12.04.2016] No response from the vendor.
[13.04.2016] Public security advisory released.

PoC

openwga_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] https://cxsecurity.com/issue/WLB-2016040092
[2] https://packetstormsecurity.com/files/136681
[3] https://exchange.xforce.ibmcloud.com/vulnerabilities/112261

Changelog

[13.04.2016] - Initial release
[14.04.2016] - Added reference [1] and [2]
[19.04.2016] - Added reference [3]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk