Product:kaltura/server
Download: https://github.com/kaltura/server
Vunlerable Version: lastest version
Tested Version: lastest version
Author: ADLab of Venustech
Advisory Details:
I have discovered a Cross-Site Scripting (XSS) in “kaltura/server”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in “entryId” HTTP GET parameter passed to “server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc: http://localhost/.../server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php?entryId=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
The text was updated successfully, but these errors were encountered:
Thank for you reporting an issue and helping improve Kaltura!
To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):
Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions?
please provide as much details as possible.
Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted?
If self hosted, are you using the RPM or deb install?
Packages installed.
When using RPM, paste the output for:
# rpm -qa \"kaltura*\"
For deb based systems:
# dpkg -l \"kaltura-*\"
If running a self hosted ENV - provide the MySQL server version used
If running a self hosted ENV - is this a single all in 1 server or a cluster?
If running a self hosted ENV, while making the problematic request, run:
Product:kaltura/server
Download: https://github.com/kaltura/server
Vunlerable Version: lastest version
Tested Version: lastest version
Author: ADLab of Venustech
Advisory Details:
I have discovered a Cross-Site Scripting (XSS) in “kaltura/server”, which can be exploited to execute arbitrary code.
The vulnerability exists due to insufficient filtration of user-supplied data in “entryId” HTTP GET parameter passed to “server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox:
Poc:
http://localhost/.../server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php?entryId=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
The text was updated successfully, but these errors were encountered: