Home Security Unpatched Safety Flaws Disclosed in A number of Doc Administration Techniques

Unpatched Safety Flaws Disclosed in A number of Doc Administration Techniques

by crpt os


Feb 08, 2023Ravie LakshmananVulnerability Management

Multiple unpatched security flaws have been disclosed in open source and freemium Document Management System (DMS) offerings from four vendors LogicalDOC, Mayan, ONLYOFFICE, and OpenKM.

Cybersecurity firm Rapid7 said the eight vulnerabilities offer a mechanism through which “an attacker can convince a human operator to save a malicious document on the platform and, once the document is indexed and triggered by the user, giving the attacker multiple paths to control the organization.”

The list of eight cross-site scripting (XSS) flaws, discovered by Rapid7 researcher Matthew Kienow, is as follows –

  • CVE-2022-47412 – ONLYOFFICE Workspace Search Stored XSS
  • CVE-2022-47413 and CVE-2022-47414 – OpenKM Document and Application XSS
  • CVE-2022-47415, CVE-2022-47416, CVE-2022-47417, and CVE-2022-47418 – LogicalDOC Multiple Stored XSS
  • CVE-2022-47419 – Mayan EDMS Tag Stored XSS

Stored XSS, also known as persistent XSS, occurs when a malicious script is injected directly into a vulnerable web application (e.g., via a comment field), causing the rogue code to be activated upon each visit to the application.

A threat actor can exploit the aforementioned flaws by providing a decoy document, granting the interloper the ability to further their control over the compromised network,

“A typical attack pattern would be to steal the session cookie that a locally-logged in administrator is authenticated with, and reuse that session cookie to impersonate that user to create a new privileged account,” Tod Beardsley, director of research at Rapid7, said.

In an alternative scenario, the attacker could abuse the identity of the victim to inject arbitrary commands and gain stealthy access to the stored documents.

The cybersecurity firm noted that the flaws were reported to the respective vendors on December 1, 2022, and continue to remain unfixed despite coordinating the disclosures with CERT Coordination Center (CERT/CC).

Users of the affected DMS are advised to proceed with caution when importing documents from unknown or untrusted sources as well as limit the creation of anonymous, untrusted users and restrict certain features such as chats and tagging to known users.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex