Full Report
Reflected XSS vulnerability (CVE-2024-7124) has been found in Poznan Supercomputing and Networking Center's DInGO dLibra software.
Analysis Summary
# Vulnerability: Reflected XSS in DInGO dLibra Software
## CVE Details
- CVE ID: CVE-2024-7124
- CVSS Score: Information not provided (Severity determination pending or not specified in source)
- CWE: CWE-79 (Improper Neutralization of Input During Web Page Generation - XSS)
## Affected Systems
- Products: Poznan Supercomputing and Networking Center DInGO dLibra software
- Versions: 6.0 up to, but not including, 6.3.20
- Configurations: The `indexsearch` endpoint is affected through its `filter` parameter.
## Vulnerability Description
This vulnerability is a Reflected Cross-Site Scripting (XSS) flaw. An attacker can exploit this by crafting a malicious URL which, when accessed by a victim, causes an arbitrary script to execute in the user's browser session. The flaw resides in the handling of the `filter` parameter within the `indexsearch` endpoint.
## Exploitation
- Status: PoC available (implied by the description, which states that a crafted URL can cause script execution, as is standard for XSS disclosures; no public PoC is detailed)
- Complexity: Likely Low (Reflected XSS typically requires only social engineering via a link)
- Attack Vector: Network
## Impact
- Confidentiality: Potential impact (Script execution allows session hijacking or data theft)
- Integrity: Potential impact (Script execution allows modification of displayed content)
- Availability: Low potential impact (Typically focused on user session manipulation rather than service denial)
## Remediation
### Patches
- Update to DInGO dLibra version **6.3.20** or later.
### Workarounds
- No specific workarounds were detailed in the advisory. General XSS mitigation strategies (e.g., input validation/sanitization on application input points, implementing strict Content Security Policy (CSP)) should be considered until patching is complete.
## Detection
- Monitor web traffic to the `indexsearch` endpoint for unusual or malformed `filter` parameter values that may contain script tags or encoded malicious payloads.
- Since this is Reflected XSS, look for suspicious URLs referencing this endpoint being shared with users.
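
The log check described above, as an added example that is not part of the advisory or the vendor's code. It assumes combined-format access logs and a hypothetical `/dlibra/indexsearch` path; the sample lines are constructed, and the pattern is a heuristic that also decodes double-encoded values before matching.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines; addresses and the /dlibra/ prefix are assumptions.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Sep/2024:10:00:01 +0000] "GET /dlibra/indexsearch?filter=Kowalski HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Sep/2024:10:00:09 +0000] "GET /dlibra/indexsearch?filter=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '198.51.100.7 - - [10/Sep/2024:10:00:15 +0000] "GET /dlibra/indexsearch?filter=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 5299',
    '203.0.113.9 - - [10/Sep/2024:10:01:02 +0000] "GET /dlibra/results?filter=%3Cb%3E HTTP/1.1" 200 812',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic markers of markup or script in a value: tag openers,
# inline event handlers, javascript: URLs.
SUSPICIOUS_RE = re.compile(r'<\s*/?[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.I)

def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_filter_values(line):
    """Return decoded `filter` values on an indexsearch request that look like markup."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    parts = urlsplit(match.group(1))
    if "indexsearch" not in parts.path.split("/"):
        return []  # only the endpoint named in the advisory is in scope
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "filter":
            decoded = decode_fully(value)
            if SUSPICIOUS_RE.search(decoded):
                hits.append(decoded)
    return hits

def scan(lines):
    """Return (line_number, decoded_value) for every suspicious request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            for v in suspicious_filter_values(line)]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: suspicious filter value: {value!r}")
```

Matches are leads for review rather than confirmed exploitation; benign values containing markup-like text can also trigger the pattern.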
## References
- Vendor Advisory/Source: CERT Polska
- Relevant links:
  - hxxps://cert.pl/en/news/
  - hxxps://www.cve.org/CVERecord?id=CVE-2024-7124