IsarFlow stored cross-site scripting vulnerability

Stored Cross-site Scripting

A stored cross-site scripting vulnerability was found in the IsarFlow software version 5.23 (or earlier) of IsarNet Software Solutions GmbH. We have reported this vulnerability to the software vendor, who immediately addressed the issue and fixed the vulnerability in versions 5.25.14 and 5.26.4.

Description

The dashboard title is not encoded properly in all places and is susceptible to stored cross-site scripting.

IsarFlow vulnerabilities

Upon opening the “delete dashboard” dialog, the JavaScript-Code gets executed.

IsarFlow vulnerabilities

Additionally, the “User dashboard” menu provides an admin with the ability to browse and edit all user generated dashboards. This view does also not encode the dashboard title, resulting in the executing of the payload and can therefore be used to target higher privileged user accounts.

IsarFlow vulnerabilities

Affected Component

IsarFlow Portal

Attack Type

Remote

Attack vectors

To exploit the vulnerability, an attacker needs access to the application.

Reference

TBA

Discoverer

Max Maier (mgm security partners), Benedikt Hau├čner (mgm security partners)