19 lines
No EOL
1,013 B
Text
19 lines
No EOL
1,013 B
Text
source: https://www.securityfocus.com/bid/52666/info
|
|
|
|
Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input:
|
|
|
|
1. An arbitrary-file-deletion vulnerability
|
|
2. A security vulnerability
|
|
3. An arbitrary-file-upload vulnerability
|
|
4. Multiple cross-site scripting vulnerabilities
|
|
|
|
An attacker may leverage these issues to execute arbitrary script code, upload arbitrary files, and execute arbitrary code with administrative privileges. These issues may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
|
|
|
|
Open Journal Systems 2.3.6 is vulnerable; other versions may also be affected.
|
|
|
|
On the submissions page URL:
|
|
http://www.example.com/index.php/[journal]/author/submit/3?articleId=[id]
|
|
the attacker should add a malicious code to the "URL" field:
|
|
"><script>alert(document.cookie)</script>
|
|
the XSS will be displayed here:
|
|
http://www.example.com/index.php/[submission]/author/submission/[id] |