LSWS Standard Edition 4.0.14 has a potential XSS vulnerability within the Web Administration Console, specifically within the Server Log Viewer.
This vulnerability arises because LSWS does not sanitise the request data presented to the client browser by the Server Log Viewer. This allows potentially malicious code - including Javascript - to run on the Administrator's browser client within their authenticated session.
I think this needs to be fixed. Bad things can potentially happen.
The lack of sanitisation of the request data presented in the Server Log Viewer can also cause the page HTML of the Server Log Viewer to break or render improperly.
The images below illustrate these problems.
The first image shows a Javascript popup message being displayed in the browser once a page of Server Log Viewer results is displayed.
This is produced by the Server Log Viewer displaying the following request that generated a 404:
The second image shows the broken HTML rendering of the bottom of the Server Log Viewer page visible on the same page.
When you examine the HTML at the bottom of that page, this is the HTML that causes the page display to break, by introducing an unclosed script string:
From this point forward in the page, the page renders incorrectly, e.g. the 'Begin', 'Prev', 'Refresh', 'Next' and 'End' buttons that should appear at the bottom of the page are no longer visible on the page.
```text
2010-04-22 13:22:58.083 INFO [12.345.678.910:3892-0#Example] File not found [/opt/lsws/DEFAULT/html/<br><br><script>alert("Vulnerable")</script>.jsp]
```
```html
<tr><td class="log_I0">2010-04-22 13:22:58.123</td><td class="log_I1">INFO</td><td class="log_I2">[12.345.678.910:3894-0#Example] File not found [/opt/lsws/DEFAULT/html/<br><br><script>alert(\]</td></tr>
```
The browser used was Opera 9, but both of these issues could occur in many other browsers. The LSWS version used was 4.0.14 Std, but the same problem may occur in other LSWS editions.
FYI.
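The fix the report asks for is output encoding: every log field must be HTML-escaped before it is placed inside the viewer's table cells. The following is an added illustration written for this post; it is not code from the report or from LiteSpeed. It assumes the log-line layout of the sample line above (timestamp, level, message) and uses hypothetical function names. It parses the logged request into fields, renders the same `<tr>`/`<td class="log_I…">` markup the report shows both without escaping (the behaviour described) and with escaping (the mitigation), and includes a simple check that flags raw markup inside a rendered cell.

```python
import html
import re

# Assumed log-line layout, taken from the sample in the report:
#   <timestamp with ms> <LEVEL> <message>
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"(?P<level>[A-Z]+) "
    r"(?P<msg>.*)$"
)

# Constructed sample line: the request that the report says produced the popup.
SAMPLE_LINE = (
    "2010-04-22 13:22:58.083 INFO [12.345.678.910:3892-0#Example] "
    'File not found [/opt/lsws/DEFAULT/html/<br><br><script>alert("Vulnerable")</script>.jsp]'
)

# Regex used by the check below to pull the inner text of each cell back out.
CELL_RE = re.compile(r'<td class="log_I\d">(.*?)</td>')


def parse_log_line(line):
    """Split one log line into (timestamp, level, message); None if it does not match."""
    m = LOG_LINE_RE.match(line)
    if not m:
        return None
    return m.group("ts"), m.group("level"), m.group("msg")


def render_row_unsafe(ts, level, msg):
    """What the report describes: request data dropped straight into the HTML."""
    return (
        f'<tr><td class="log_I0">{ts}</td>'
        f'<td class="log_I1">{level}</td>'
        f'<td class="log_I2">{msg}</td></tr>'
    )


def render_row_safe(ts, level, msg):
    """Same markup, but each field is HTML-escaped first.

    quote=True also turns " and ' into entities, so a value can never
    break out of an attribute if the template is later changed to use one.
    """
    esc = lambda s: html.escape(s, quote=True)
    return (
        f'<tr><td class="log_I0">{esc(ts)}</td>'
        f'<td class="log_I1">{esc(level)}</td>'
        f'<td class="log_I2">{esc(msg)}</td></tr>'
    )


def cells_contain_raw_markup(row_html):
    """True if any cell's inner text still contains a literal '<', i.e. live markup.

    Escaped output contains only '&lt;', so it passes; the unsafe row fails.
    """
    return any("<" in inner for inner in CELL_RE.findall(row_html))


if __name__ == "__main__":
    fields = parse_log_line(SAMPLE_LINE)
    print("unsafe:", render_row_unsafe(*fields))
    print("safe:  ", render_row_safe(*fields))
    print("unsafe row carries raw markup:", cells_contain_raw_markup(render_row_unsafe(*fields)))
    print("safe row carries raw markup:  ", cells_contain_raw_markup(render_row_safe(*fields)))
```

The same escaping rule applies to every field that originates from a request (path, query string, headers, virtual host name), not only the message column; escaping at the point where the value is written into HTML, rather than trying to filter "bad" characters out of the log, is what keeps the page well-formed as well as free of injected script.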