Full Disclosure mailing list archives
Radvision's Scopia Cross Site Scripting Vulnerabilities
From: Francesco Bianchino <f.bianchino () gmail com>
Date: Mon, 24 Aug 2009 11:46:59 +0200
Radvision's Scopia Cross Site Scripting Vulnerabilities *********************************************************************** Author: Francesco Bianchino contact: f.bianchino at gmail dot com Product: Radvision's Scopia Version: 5.7 Vendor Site: http://www.radvision.com Product Support Page: http://www.radvision.com/Support/SCOPIA-57-Support/ *********************************************************************** Summary Radvision's Scopia provides a solution for voice and video collaborative communications. *********************************************************************** Vulnerability Detail The web-based interface is exposed to an XSS attack, the index.jsp page does not check the user's input and is possible to inject arbitrary code into the page parameters. It's possible to steal user's cookie or other data sending a malicious crafted URL to authenticated user. *********************************************************************** PoC http://www.example.com/scopia/entry/index.jsp?page=play%3c%2fsCrIpT%3e%3csCrIpT%3ealert("document.cookie")%3c%2fsCrIpT%3e *********************************************************************** Solution Radvision has fixed the issue in SD 7.0.100 and later version. *********************************************************************** Credits Discovered and advised to Radvision, August 2009 by Francesco Bianchino. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Radvision's Scopia Cross Site Scripting Vulnerabilities Francesco Bianchino (Aug 24)