IsarFlow stored cross-site scripting vulnerability
A stored cross-site scripting vulnerability was found in the IsarFlow software version 5.23 (or earlier) of IsarNet Software Solutions GmbH. We have reported this vulnerability to the software vendor, who immediately addressed the issue and fixed the vulnerability in versions 5.25.14 and 5.26.4.
Description
The dashboard title is not encoded properly in all places and is susceptible to stored cross-site scripting.
Upon opening the “delete dashboard” dialog, the JavaScript-Code gets executed.
Additionally, the “User dashboard” menu provides an admin with the ability to browse and edit all user generated dashboards. This view does also not encode the dashboard title, resulting in the executing of the payload and can therefore be used to target higher privileged user accounts.
Affected Component
IsarFlow Portal
Attack Type
Remote
Impact Code Execution
True
Attack vectors
To exploit the vulnerability, an attacker needs access to the application.
Reference
TBA
Discoverer
Max Maier (mgm security partners), Benedikt Haußner (mgm security partners)