CVE-2014-7291 Springshare LibCal XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Springshare LibCal Multiple XSS (Cross-Site Scripting) Vulnerability
Vulnerable Versions: 2.0
Tested Version: 2.0
Advisory Publication: Nov 25, 2014
Latest Update: Nov 25, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7291
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Solution Status: Fixed by Vendor
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]
“Springshare LibCal is an easy to use calendaring and event management platform for libraries. Used by 1,600+ libraries worldwide.”
(2) Vulnerability Details:
Springshare LibCal is vulnerable to Cross-Site Scripting (XSS) attacks.
The XSS vulnerabilities occur in the “/api_events.php” page, in the “m” and “cid” parameters.
2014-10-01: Report vulnerability to Vendor
2014-10-15: Vendor replied with thanks and changed the source code
(1) Vendor URL:
(2) Vulnerability Description:
“Newtelligence dasBlog ct.ashx is vulnerable to Open Redirect attacks.
dasBlog supports a feature called Click-Through which basically tracks all links clicked inside your blog posts. It’s a nice feature that allows the blogger to stay informed what kind of content readers like. If Click-Through is turned on, all URLs inside blog entries will be replaced with <URL to your blog>/ct.ashx?id=<Blog entry ID>&url=<URL-encoded original URL> which of course breaks WebSnapr previews.”
<add verb="*" path="ct.ashx" type="newtelligence.DasBlog.Web.Services.ClickThroughHandler, newtelligence.DasBlog.Web.Services"/>
(3) Vulnerability Detail:
Newtelligence dasBlog is vulnerable to Open Redirect attacks.
(3.1) The vulnerability occurs in the “ct.ashx” page, in the “url” parameter.
2014-10-15 Public disclosure with self-written patch.
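One way to close an open redirect in a click-through handler of the ct.ashx?id=...&url=... shape described above, as an added example (not dasBlog's code and not the patch mentioned in this advisory): the blog engine signs every link it emits, and the handler redirects only when the signature verifies. The `sig` parameter, the key and the function names are hypothetical, and Python is used for illustration rather than the handler's own ASP.NET.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key; a real deployment loads a random secret from configuration.
SECRET_KEY = b"constructed-demo-key-not-for-production"
ALLOWED_SCHEMES = {"http", "https"}


def _tag(entry_id: str, url: str) -> str:
    """HMAC-SHA256 over entry id and target URL (id is length-prefixed to avoid ambiguity)."""
    msg = f"{len(entry_id)}:{entry_id}|{url}".encode("utf-8")
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_click_through(entry_id: str, url: str) -> str:
    """Build the tracking link the blog engine would emit when rendering an entry."""
    query = urlencode({"id": entry_id, "url": url, "sig": _tag(entry_id, url)})
    return "/ct.ashx?" + query


def resolve_click_through(link: str):
    """Return the redirect target only if this link was issued by us, else None."""
    try:
        params = parse_qs(urlsplit(link).query, keep_blank_values=True)
        # Exactly one value per parameter; repeats or omissions are rejected.
        (entry_id,), (url,), (sig,) = params["id"], params["url"], params["sig"]
        target = urlsplit(url)
    except (KeyError, ValueError):
        return None
    expected = _tag(entry_id, url).encode("ascii")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode("utf-8"), expected):
        return None
    # Even a signed link must be an absolute http(s) URL with a host.
    if target.scheme not in ALLOWED_SCHEMES or not target.netloc:
        return None
    return url
```

A request that fails the check should get an error page or a redirect to the blog's own home page, never the supplied `url` value.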
CNN cnn.com ADS Open Redirect Security Vulnerability
After the attack, CNN took measures to detect Open Redirect vulnerabilities. The measures held up well during the tests: almost no links on CNN’s website are now vulnerable to Open Redirect attacks, and it takes a long time to find a new, unpatched Open Redirect vulnerability on the site.
Those vulnerabilities were reported to CNN in early July by Contact from Here.