Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Product: openeclass Download: https://github.com/gunet/openeclass Vunlerable Version: Release_3.5.4 and probably prior Tested Version: Release_3.5.4 Author: ADLab of Venustech
Advisory Details: Multiple Cross-Site Scripting (XSS) were discovered in “openeclass Release_3.5.4”, which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “openeclass-master/modules/tc/webconf/webconf.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website. The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox: Poc: (1) http://localhost/.../openeclass-master/modules/tc/webconf/webconf.php?meeting_id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22 (2) http://localhost/.../openeclass-master/modules/tc/webconf/webconf.php?user=%22;%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%3E
The text was updated successfully, but these errors were encountered:
Thank you very much! Script has been fixed.
Sorry, something went wrong.
Can you link to the fixing commit please?
Please see the following commits: e804fff (future development branch - 4.0) 18d625f (next release branch - 3.6) 55fde0b (current release branch - 3.5.5) Thanks again!
Great thank you!
No branches or pull requests
Product: openeclass
Download: https://github.com/gunet/openeclass
Vunlerable Version: Release_3.5.4 and probably prior
Tested Version: Release_3.5.4
Author: ADLab of Venustech
Advisory Details:
Multiple Cross-Site Scripting (XSS) were discovered in “openeclass Release_3.5.4”, which can be exploited to execute arbitrary code.
The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple parameters passed to the “openeclass-master/modules/tc/webconf/webconf.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
The exploitation examples below use the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
(1)
http://localhost/.../openeclass-master/modules/tc/webconf/webconf.php?meeting_id=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(2)
http://localhost/.../openeclass-master/modules/tc/webconf/webconf.php?user=%22;%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%3E
The text was updated successfully, but these errors were encountered: