[et_pb_section fb_built=\"1\" _builder_version=\"4.9.4\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\"][et_pb_row _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_column type=\"4_4\" _builder_version=\"4.9.4\" _module_preset=\"default\"][et_pb_text _builder_version=\"4.9.4\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" sticky_enabled=\"0\"]<\/p>\n
<\/span> Reflected XSS attack (or non-persistent attack) occur when a malicious script is reflected off of a web application to the victim\u2019s browser. The attack is typically delivered via email or a web site and activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.<\/span><\/p>\n <\/span><\/p>\n The \u201aitems\u2018, \u2019selected\u2018 and \u201atitleKey\u2018 parameters of \/config\/voicebox\/display\/group.do are vulnerable to XSS.<\/span> Make sure to encode the user supplied input.<\/span><\/p>\n These security vulnerabilities were found by Sebastian Puttkammer of usd AG.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2018-0001 | Starface\/6.4.3.34 Advisory ID: usd-2018-0001CVE Number: N\/AAffected Product: StarfaceAffected Version: 6.4.3.34Vulnerability Type: Reflected XSSSecurity Risk: MediumVendor Status: Not fixed Description Reflected XSS attack (or non-persistent attack) occur when a malicious script is reflected off of a web application to the victim\u2019s browser. The attack is typically delivered via email or a web site and […]<\/p>\n","protected":false},"author":96,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-16536","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16536","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/96"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=16536"}],"version-history":[{"count":0,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16536\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=16536"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Advisory ID<\/strong>: usd-2018-0001<\/span>
CVE Number<\/strong>: N\/A<\/span>
Affected Product<\/strong>: Starface<\/span>
Affected Version<\/strong>: 6.4.3.34<\/span>
Vulnerability Type<\/strong>: Reflected XSS<\/span>
Security Risk<\/strong>: Medium<\/span>
Vendor Status<\/strong>: Not fixed<\/span><\/p>\n<\/h3>\n
Description<\/h3>\n
Proof of Concept (PoC)<\/h3>\n
=> PoC will be published when all issues are fixed.<\/span>
The \u201aitems\u2018, \u2019selected\u2018 and \u201atitleKey\u2018 parameters of \/config\/voicebox\/display\/user.do are vulnerable to XSS.<\/span>
=> PoC will be published when all issues are fixed.<\/span>
The parameters \u201aitems\u2018, \u201aregex\u2018, \u2019selected\u2018, \u201atitleKey\u2018, \u201awidth\u2018 and \u201aemptyOption\u2018 of \/template\/list.do are vulnerable to XSS.<\/span>
=> PoC will be published when all issues are fixed.<\/span><\/p>\n<\/h3>\n
Fix<\/h3>\n
<\/h3>\n
Credits<\/h3>\n