what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

OX App Suite 7.10.6 Access Control / Cross Site Scripting

OX App Suite 7.10.6 Access Control / Cross Site Scripting
Posted Jan 9, 2024
Authored by Martin Heiland

OX App Suite version 7.10.6-rev51 suffers from an access control vulnerability. Version 7.10.6-rev34 suffers from multiple cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss
advisories | CVE-2023-29051, CVE-2023-29052, CVE-2023-41710
SHA-256 | 80185f3d2633831b5738bc1126710375d2e7d24e073ff394c679caa4c61efc56

OX App Suite 7.10.6 Access Control / Cross Site Scripting

Change Mirror Download
Internal reference: MWB-2315
Type: CWE-284 (Improper Access Control)
Component: backend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite backend 7.10.6-rev51, OX App Suite backend 8.17
First fixed revision: OX App Suite backend 7.10.6-rev52, OX App Suite backend 8.18
Discovery date: 2023-09-21
Solution date: 2023-09-24
Disclosure date: 2023-09-25
CVE: CVE-2023-29051
CVSS: 8.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Details:
User-defined templates can bypass access control. User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. The existing switch to disable the feature by default was not effective in this case.

Risk:
Unauthorized users could discover and modify application state, including objects related to other users and contexts. No publicly available exploits are known.

Solution:
We now make sure that the switch to disable user-generated templates by default works as intended and will remove the feature in future generations of the product.



---



Internal reference: OXUIB-2532
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: frontend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite frontend 7.10.6-rev34
First fixed revision: OX App Suite frontend 7.10.6-rev35
Discovery date: 2023-09-07
Solution date: 2023-09-24
Disclosure date: 2023-09-25
CVE: CVE-2023-29052
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:
XSS in upsell portal widget (shop disclaimer). Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly.

Risk:
Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. No publicly available exploits are known.

Solution:
We added sanitization for this content.



---



Internal reference: OXUIB-2533
Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))
Component: frontend
Report confidence: Confirmed
Solution status: Fixed by vendor
Last affected revision: OX App Suite frontend 7.10.6-rev34
First fixed revision: OX App Suite frontend 7.10.6-rev35
Discovery date: 2023-09-07
Solution date: 2023-09-24
Disclosure date: 2023-09-25
CVE: CVE-2023-41710
CVSS: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Details:
XSS in upsell portal widget (shop URL). User-defined script code could be stored for a upsell related shop URL. This code was not correctly sanitized when adding it to DOM.

Risk:
Attackers could lure victims to user accounts with malicious script code and make them execute it in the context of a trusted domain. No publicly available exploits are known.

Solution:
We added sanitization for this content.
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close