agorum core Pro - Persistent Cross-Site Scripting

EDB-ID: 41882
Author: SySS GmbH
Published: 2017-04-13
Type: Webapps
Platform: Multiple
Aliases: N/A
Advisory/Source: Link
Tags: Cross-Site Scripting (XSS)
Vulnerable App: N/A


Advisory ID: SYSS-2017-005
Product: agorum core Pro
Manufacturer: agorum Software GmbH
Affected Version(s):
Tested Version(s):
Vulnerability Type: Persistent Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Open
Manufacturer Notification: 2017-02-06
Solution Date: 2017-04-06
Public Disclosure: 2017-04-12
CVE Reference: Not yet assigned
Author of Advisory: Dr. Erlijn van Genuchten & Sascha Grimmeisen, SySS GmbH



agorum core Pro is a module based Document Management System. It allows
the customer to buy only required modules and can be extended when

Due to the possibility to upload HTML files that can include JavaScript
attack vectors, the DMS is vulnerable to persistent cross-site


Vulnerability Details:

SySS GmbH found out that the "file upload" function of the desk4web
module is prone to persistent cross-site scripting attacks as users are
allowed to upload and display HTML files that include JavaScript code.
This code is executed in the context of other users when opening the
file and can therefore be used to attack other users.


Proof of Concept (PoC):

In the desk4web module, users are able to upload files. For example,
a file called "xssattack.html" with the following content can be

<script>alert("XSS Attack")</script>

When opening this file, the message "XSS Attack" is displayed. As this
file can be opened by other users, the included JavaScript code can be
used to attack other users.



Update to agorum core 7.11.3. [4]


Disclosure Timeline:

2017-01-30: Vulnerability discovered
2017-02-06: Vulnerability reported to manufacturer
2017-04-06: Public disclosure
2017-04-06: Fix confirmed by manufacturer
2017-04-12: Vulnerability published



[1] Product website for agorum Software GmbH
[2] SySS Security Advisory SYSS-2017-005
[3] SySS Responsible Disclosure Policy
[4] Agorum Change Log



This security vulnerability was found by Dr. Erlijn van Genuchten and
Sascha Grimmeisen of SySS GmbH.

Public Key:
Key ID: 0xBD96FF2A
Key Fingerprint: 17BB 4CED 755A CBB3 2D47 C563 0CA5 8637 BD96 FF2A

Public Key:
Key ID: 0xD3D9C868
Key Fingerprint: 4937 7FCF BA8E 3D80 1AAD 4AC4 7C1D E510 D3D9 C868



The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS Web



Creative Commons - Attribution (by) - Version 3.0

Related Posts