COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Title: COMMAX Biometric Access Control System 1.0.0 Cookie Reflected XSS
Advisory ID: ZSL-2021-5660
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 15.08.2021
Summary
Biometric access control system.

Description
The application suffers from an unauthenticated reflected cross-site scripting (XSS) vulnerability. Input passed through the 'CMX_ADMIN_NM' and 'CMX_COMPLEX_NM' cookies is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and JS code in a user's browser session in the context of an affected site. Because the injection point is a cookie rather than a URL parameter, an attacker also needs a way to plant the cookie in the victim's browser (for example a cookie-setting flaw elsewhere on the domain, or a network position on a plaintext connection), which makes remote exploitation harder than for a parameter-based reflected XSS.
Vendor
COMMAX Co., Ltd. - https://www.commax.com

Affected Version
1.0.0

Tested On
nginx/1.14.0 (Ubuntu)
MariaDB/10.3.15
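The following is an added example, not the advisory's commax_xss.txt PoC and not COMMAX code. It shows how the cookie reflection described above can be confirmed without a script payload (the raw characters < > " ' coming back unencoded are proof enough), and it places a constructed template that mirrors the flaw next to the output-encoded version that fixes it. The cookie names come from the advisory; the probe marker, the target URL passed to check_target and the page templates are assumptions.

```python
"""Cookie-reflection probe and the encoding fix for the CMX_ADMIN_NM /
CMX_COMPLEX_NM reflected XSS.

Added example: not the advisory's PoC. Cookie names are from the advisory;
the target URL, the templates and the sample responses are assumptions."""
import html
import urllib.request

COOKIE_NAMES = ("CMX_ADMIN_NM", "CMX_COMPLEX_NM")  # names from the advisory
# The probe deliberately carries no script: if < > " ' come back unencoded,
# the value reaches the page raw and any script payload would run too.
PROBE_SUFFIX = '<">\''


def probe_cookie_header(marker: str) -> str:
    """Cookie header that plants marker+PROBE_SUFFIX in both suspect cookies.
    Keep the marker free of ';', ',' and whitespace so the header stays valid
    (curl or urllib will send these characters raw; a browser would not)."""
    value = marker + PROBE_SUFFIX
    return "; ".join(f"{name}={value}" for name in COOKIE_NAMES)


def classify_reflection(body: str, marker: str) -> str:
    """Classify one HTML response as 'unescaped', 'escaped' or 'absent'.

    'unescaped' is the condition the advisory describes; 'escaped' means the
    marker is echoed but the special characters were encoded (&lt;, &quot;,
    &#x27;, &#39; ...) or filtered, so this sink is not exploitable."""
    if marker + PROBE_SUFFIX in body:
        return "unescaped"
    if marker in body:
        return "escaped"
    return "absent"


def check_target(url: str, marker: str = "zslprobe") -> str:
    """Live check (assumed target URL, e.g. the login page; not exercised
    offline): send the probe cookies and classify the response body."""
    req = urllib.request.Request(url, headers={"Cookie": probe_cookie_header(marker)})
    with urllib.request.urlopen(req, timeout=10) as resp:
        charset = resp.headers.get_content_charset() or "utf-8"
        body = resp.read().decode(charset, "replace")
    return classify_reflection(body, marker)


# --- constructed server-side templates: the flaw beside its fix ------------

def render_vulnerable(cookies: dict) -> str:
    """Constructed template mirroring the flaw: cookie values are concatenated
    straight into HTML, so a <script> element in a cookie is executed."""
    admin = cookies.get("CMX_ADMIN_NM", "")
    complex_name = cookies.get("CMX_COMPLEX_NM", "")
    return f"<p>Admin: {admin}</p><p>Complex: {complex_name}</p>"


def render_fixed(cookies: dict) -> str:
    """Same template with output encoding. html.escape(quote=True) turns
    & < > " ' into entities, the right fix for an HTML text or double-quoted
    attribute sink (a JavaScript or URL sink needs its own encoder)."""
    admin = html.escape(cookies.get("CMX_ADMIN_NM", ""), quote=True)
    complex_name = html.escape(cookies.get("CMX_COMPLEX_NM", ""), quote=True)
    return f"<p>Admin: {admin}</p><p>Complex: {complex_name}</p>"


if __name__ == "__main__":
    marker = "zslprobe"
    probe = {name: marker + PROBE_SUFFIX for name in COOKIE_NAMES}
    print("Cookie:", probe_cookie_header(marker))
    print("vulnerable template:", classify_reflection(render_vulnerable(probe), marker))
    print("fixed template:     ", classify_reflection(render_fixed(probe), marker))
```

Run it as a script to see the two templates classified against the same probe; point check_target at a test instance you are authorised to assess to classify a real response the same way.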
Vendor Status
[02.08.2021] Vulnerability discovered.
[03.08.2021] Vendor contacted.
[04.08.2021] Vendor contacted.
[05.08.2021] No response from the vendor.
[06.08.2021] Vendor contacted.
[14.08.2021] No response from the vendor.
[15.08.2021] Public security advisory released.
PoC
commax_xss.txt

Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
[1] https://packetstormsecurity.com/files/163834
[2] https://exchange.xforce.ibmcloud.com/vulnerabilities/207578
[3] https://cxsecurity.com/issue/WLB-2021080063
Changelog
[15.08.2021] - Initial release
[23.08.2021] - Added references [1], [2] and [3]
Contact
Zero Science Lab
Web: https://www.zeroscience.mk
e-mail: lab@zeroscience.mk