Crystal Reports Server InfoView logonAction Parameter XSS

medium Nessus Plugin ID 51816

Synopsis

The remote web server hosts a JSP script that is prone to a cross- site scripting attack.

Description

The InfoView component included with the Crystal Reports Server install on the remote host contains a JSP script fails to sanitize user input to the 'logonAction' parameter of its 'logon.jsp' script before using it to generate dynamic HTML output.

An attacker may be able to leverage this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site.

Note that this install is likely affected by other cross-site scripting issues as well as a directory traversal vulnerability, although Nessus has not checked for them.

Solution

See https://websmp130.sap-ag.de/sap/support/notes/1458310 (requires credentials).

See Also

http://dsecrg.com/pages/vul/show.php?id=301

https://seclists.org/bugtraq/2011/Jan/156

http://www.nessus.org/u?cde1ca7a

Plugin Details

Severity: Medium

ID: 51816

File Name: crystal_reports_logonaction_xss.nasl

Version: 1.12

Type: remote

Published: 1/28/2011

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:businessobjects:crystal_reports_server

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/8/2010

Vulnerability Publication Date: 1/25/2011

Reference Information

BID: 45980

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990