Cross-Site Scripting vulnerability in Jama Connect 8.44.0
What is it?
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Which feature is affected?
"Import" -> "Data import wizard" (Select Import File and Destination) tab.

The severity of this issue:
- An attacker can redirect a user to a malicious website or steal the session token. An attacker can also perform phishing attacks using malicious JavaScript.

Did I notify the Jama Security team about this vulnerability?
Yes, I informed the Jama Security team; the issue is addressed in the latest build, version 8.46.

Release notes: https://community.jamasoftware.com/blogs/chloe/2020/01/16/jama-connect-846-cloud-release-notes

Suggested mitigation:
Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.
In general, effectively preventing XSS vulnerabilities is likely to involve a combination of the following measures:
  • Filter input on arrival. At the point where user input is received, filter as strictly as possible based on what is expected or valid input.
  • Encode data on output. At the point where user-controllable data is output in HTTP responses, encode the output to prevent it from being interpreted as active content. Depending on the output context, this might require applying combinations of HTML, URL, JavaScript, and CSS encoding.
  • Use appropriate response headers. To prevent XSS in HTTP responses that aren't intended to contain any HTML or JavaScript, you can use the Content-Type and X-Content-Type-Options headers to ensure that browsers interpret the responses in the way you intend.
  • Content Security Policy. As a last line of defence, you can use Content Security Policy (CSP) to reduce the severity of any XSS vulnerabilities that still occur. 
PoC: