Open Journal Systems (OJS) version 2.3.6 suffers from arbitrary file manipulation, arbitrary file upload and cross-site scripting (XSS) vulnerabilities:
1. Arbitrary File Manipulation:
Arbitrary File Deletion and Arbitrary File Renaming via the "param" parameter to the "/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/scripts/rfiles.php" script.
2. Arbitrary File Upload: the upload filter compares extensions case-sensitively, so upper-case or mixed-case variants (e.g. ".pHp") are not filtered, and several other potentially malicious extensions (e.g. ".asp", ".cgi", ".html") are not filtered at all.
3. XSS: input passed via the "editor" and "callback" parameters to "/lib/pkp/lib/tinymce/jscripts/tiny_mce/plugins/ibrowser/ibrowser.php" and via the "URL" parameter to "index.php" is not properly sanitised before being returned to the user, and the HTML sanitisation performed by the "String::stripUnsafeHtml()" method in "/lib/pkp/classes/core/String.inc.php" is insufficient; each can be used to perform cross-site scripting attacks.
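The following is an added example illustrating the fixes a practitioner would want for items 1 and 2 above. It is not OJS or TinyMCE code: it shows a case-folded extension allow-list for uploads and renames (defeating ".pHp" and unlisted types such as ".asp", ".cgi" and ".html") and confinement of every delete/rename target to the upload root. The upload root, the allow-list, the function names and the sample file names are assumptions constructed for the example.

```python
"""Added example for the file-manipulation and upload items above.

This is NOT OJS or TinyMCE code. It shows the two checks a hardened
rfiles.php-style handler needs: a case-folded extension allow-list for
uploads and renames, and confinement of every target path to the upload
root for deletes and renames. UPLOAD_ROOT, ALLOWED_EXTENSIONS and the
sample file names are assumptions constructed for the example.
"""
import os
import re

# Assumed upload root. realpath() canonicalises it once, so later
# comparisons are made against the same resolved directory.
UPLOAD_ROOT = os.path.realpath("/var/www/ojs/public/images")

# Assumed allow-list: the only types an image browser needs to store.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif"}

# Base name, then exactly one extension: no path separators, no second dot.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$")


def weak_extension_check(filename: str) -> bool:
    """Deny-list check of the kind the advisory describes: case-sensitive and
    incomplete. Constructed to reproduce the bug class, not copied from OJS.
    Returns True when the upload would be accepted."""
    return not any(filename.endswith(ext) for ext in (".php", ".php3", ".phtml"))


def safe_extension_check(filename: str) -> bool:
    """Allow-list check: fold case, take the single trailing extension and
    accept it only if it is in ALLOWED_EXTENSIONS. Mixed case (".pHp"),
    unlisted types (".asp", ".cgi", ".html"), double extensions
    ("shell.php.jpg") and names containing path separators are rejected."""
    match = SAFE_NAME.match(filename)
    return bool(match) and match.group(1).lower() in ALLOWED_EXTENSIONS


def resolve_under_root(user_path: str, root: str = UPLOAD_ROOT):
    """Join a user-supplied path onto root and return the canonical absolute
    path, or None if it resolves outside root (or to root itself). Covers
    "../" sequences, absolute paths and empty input."""
    candidate = os.path.realpath(os.path.join(root, user_path))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def authorize_rfiles_action(action: str, param: str, newname: str = ""):
    """Validate a hypothetical delete/rename request before touching disk.
    Returns the resolved path(s) to operate on, or None if the request is
    refused. A rename is refused unless the new name also passes the
    upload allow-list, so "shell.jpg" cannot be turned into "shell.php"."""
    target = resolve_under_root(param)
    if target is None:
        return None
    if action == "delete":
        return (target,)
    if action == "rename":
        if not safe_extension_check(newname):
            return None
        return (target, resolve_under_root(newname))
    return None


if __name__ == "__main__":
    for name in ("cover.JPG", "shell.pHp", "shell.asp", "shell.php.jpg"):
        print(name, "weak:", weak_extension_check(name),
              "safe:", safe_extension_check(name))
    for path in ("cover.jpg", "../../etc/passwd", "/etc/passwd", ""):
        print(repr(path), "->", resolve_under_root(path))
    print(authorize_rfiles_action("rename", "cover.jpg", "cover.php"))
```

The deny-list variant shows why the advisory's bypasses work: a case-sensitive string comparison never sees ".pHp", and any extension the list omits is accepted. The allow-list variant decides on the lower-cased final extension only, and the path check compares canonical paths rather than inspecting the input for "..", so symlinks and absolute paths are handled the same way as traversal sequences.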
Vulnerability ID: HTB23079
Vendor Notification / Vendor Patch / Public Disclosure Dates: 29 February / 16 March / 21 March
Vulnerabilities Type: Arbitrary File Manipulation, Arbitrary File Upload, Cross Site Scripting (XSS)
Solution Status: Fixed by Vendor
Risk level: Critical
Solution: Upgrade to the latest version
Read the full version of this security advisory HTB23079.