Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cross-site Scripting (XSS) and HTML Injection on ClearCanvas ImageServer 3.0 Alpha #227

Open
JoshuaProvoste opened this issue Jul 24, 2019 · 3 comments

Comments

@JoshuaProvoste
Copy link

Hello,

I found two vulnerabilities that affect to ClearCanvas ImageServer 3.0 Alpha:

  • Cross-site Scripting (XSS) reflected
  • HTML Injection

You can reproduce both with the following details,

  1. Payload: <p/onclick=alert(1)>xss
  2. Vulnerable POST data: &UserName=<p/onclick=alert(1)>xss
  3. Output: A potentially dangerous Request.Form value was detected from the client (UserName="<p/onclick=alert(1)>...").
  4. Step 1: Open /ImageServer/Pages/Login/Default.aspx or /Pages/Login/Default.aspx URL login page according your config deployments
  5. Step 2: Fill the username and password inputs with XSS/HTML payload and submit the login form.
  6. Step 3: Then, you will have a XSS/HTML injections clicking on payload.

ClearCanvas_ImageServer_XSS_1

ClearCanvas_ImageServer_XSS_2

If you need reproduce, fix the issue, or more details about that, please, feel free to ping me.

@steveTree
Copy link

can you confirm the version
am assuming you are talking about v13.2? have you tested it on the original version ?

@JoshuaProvoste
Copy link
Author

I talk about this ClearCanvas version:

Screenshot from 2019-07-25 12-32-19 (copy)

@IDELGADO9
Copy link

i need clear canvas imageserver 3.0 alpha, please share it with me.... thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants