
Horos 2.1.0 Web Portal DOM Based XSS

2016-12-16 16:15
Title: Horos 2.1.0 Web Portal DOM Based XSS
Advisory ID: ZSL-2016-5385
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 16.12.2016
Summary
Horos™ is an open-source, free medical image viewer. The goal of the Horos Project is to develop a fully functional, 64-bit medical image viewer for OS X. Horos is based upon OsiriX and other open source medical imaging libraries.
Description
Horos suffers from a DOM-based XSS vulnerability because it doesn't use proper sanitization when user input goes to a dangerous HTML modification sink ((element).innerHTML). This can be exploited to execute arbitrary HTML and script code in a user's browser DOM in context of an affected site.
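As an added illustration, not part of the advisory and not Horos' own code, the following JavaScript shows a lightweight triage check for the pattern described above (URL-derived data flowing into an innerHTML sink) together with the safe way to render untrusted text. The scanned sample source is constructed and only resembles the vulnerable pattern; the scanner is a heuristic, not a full taint analysis.

```javascript
// Added example (not from the advisory): flag source-to-sink flows of the kind
// described, i.e. location/document data written to innerHTML, and show the
// textContent alternative that never parses markup. Runs under Node; no DOM needed.

const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer)|window\.name)\b/;
const SINK = /\.(innerHTML|outerHTML)\s*=(?!=)/;

// Returns one finding per line where a tainted expression is assigned to an HTML sink.
// Tracks simple "const/let/var x = ..." declarations so flows spanning lines are caught.
function findDomXssSinks(jsSource) {
  const tainted = new Set();
  const findings = [];
  const mentions = (v, text) => new RegExp(`\\b${v}\\b`).test(text);
  jsSource.split('\n').forEach((text, idx) => {
    const line = idx + 1;
    const decl = text.match(/^\s*(?:const|let|var)\s+(\w+)\s*=\s*(.+)$/);
    if (decl && (SOURCES.test(decl[2]) || [...tainted].some(v => mentions(v, decl[2])))) {
      tainted.add(decl[1]); // variable now carries untrusted URL data
    }
    const sink = text.match(SINK);
    if (!sink) return;
    const rhs = text.slice(sink.index + sink[0].length);
    const direct = rhs.match(SOURCES);
    const viaVar = [...tainted].find(v => mentions(v, rhs));
    if (direct || viaVar) {
      findings.push({ line, sink: sink[1], source: direct ? direct[0] : viaVar });
    }
  });
  return findings;
}

// Safe rendering: textContent treats the value as literal text, so no HTML or script
// in an untrusted string is ever interpreted by the browser.
function renderUntrusted(element, untrusted) {
  element.textContent = untrusted; // never element.innerHTML = untrusted
  return element;
}

// Constructed sample resembling the vulnerable pattern (hypothetical, not Horos' code).
const SAMPLE = `
const q = location.search.slice(1);
document.getElementById('title').innerHTML = decodeURIComponent(q);
document.getElementById('count').innerHTML = String(items.length);
const hash = location.hash;
const label = 'Page: ' + hash;
document.getElementById('nav').innerHTML = label;
`;

console.log(findDomXssSinks(SAMPLE)); // lines 3 and 7 are flagged; line 4 is not
```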
Vendor
Horos Project - https://www.horosproject.org
Affected Version
2.1.0
Tested On
macOS 12.10.2 (Sierra)
Vendor Status
[15.12.2016] Vendor informed.
PoC
horos_domxss.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
N/A
Changelog
[16.12.2016] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk


Source: www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5385.php
