Uploaded image for project: 'JBoss BPMS Platform'
  1. JBoss BPMS Platform
  2. RHBPMS-4627

CVE-2017-7463 business-central: Reflected XSS in artifact upload error message [bpms-6.4.x]

XMLWordPrintable

    • CR1
    • Hide
      • Start JBoss BPM Suite/BRMS on EAP 6.4.12+
      • Go to business central, login and then access Authoring -> Artifact Repository
      • Upload the attached inject-script-1.0.pom.xml and you should see an alert with the value 1.
      Show
      Start JBoss BPM Suite/BRMS on EAP 6.4.12+ Go to business central, login and then access Authoring -> Artifact Repository Upload the attached inject-script-1.0.pom.xml and you should see an alert with the value 1.

      When uploading a pom.xml with errors to business central using Artifact Repository, it is possible to execute malicious scripts because the error message is showed in an HTML mode, allowing scripts execution. Take for example the following script.pom.xml:

      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <groupId>example</groupId>
  <artifactId>inject-script</artifactId>
  <version>1.0</version>
  
  <dependencies>
  	<dependency>
  		<groupId>example</groupId>
  		<artifactId>}}proj&lt;script&gt;alert(1)&lt;/script&gt;</artifactId>
  		<version>1.0</version>
  	</dependency>
  </dependencies>
</project>

        1. inject-script-1.0.pom.xml
          0.5 kB

              trikkola Toni Rikkola
              rhn-support-wsiqueir William Siqueira
              Kirill Gaevskii Kirill Gaevskii
              Kirill Gaevskii Kirill Gaevskii
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: