Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
None
Description
From: grouper-core-request@internet2.edu grouper-core-request@internet2.edu On Behalf Of Jerry Lee
Sent: Tuesday, July 17, 2018 7:45 PM
To: grouper-core@internet2.edu
Subject: [grouper-core] Reflected (GET request) cross-site scripting in New UI
Hi Grouper developer team,
This is Jerry from the University of Auckland, we would like to report a reflected (GET request) cross-site scripting vulnerability within Grouper's New UI.
This vulnerability exist in the following url parameter:
hxxps://grouper-instance.localhost/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=xss payload
A proof of concept url that could trigger this xss vulnerability would look like this:
hxxps://grouper-instance.localhost/grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=%3Cscript%3Ealert(1)%3C/script%3E
I've also attached a screenshot with the payload executed within client browser in this email, feel free to take a look if it would help resolving the issue. If you would like me to clarify anything in regards with above subject, please do not hesitate to contact me.
Kind Regards,
Jerry
Jerry Lee | Information Security Analyst | University of Auckland
+64 9 373 7599 ext. 83763 - hk.lee@auckland.ac.nz - PGP ID:0267ADF6
PGP Fingerprint: F886 6E17 F107 0717 C10D 30C3 AA9D FCB5 0267 ADF6