Page MenuHomeVulnz

XSS vulnerability in ub.edu
VerifiedPublic

Description

Abstract

There's an XSS vulnerability in the page https://www.ub.edu/acad/graus/alumnes/zNoPhpSess.php via the codi GET parameter.

Reproduction steps

  1. Visit https://www.ub.edu/acad/graus/alumnes/zNoPhpSess.php?codi=%3Cscript%3Eeval(%22al%22%2B%22ert(document.domain)%22)%3C/script%3E.

What should be done?

Sanitize the codi parameter properly.

Attack scenario

Proof of concept of a phishing attack possible due to this vulnerability:

  1. Login as a student at Món UB (https://www.ub.edu/portals/monUB/).
  2. Visit this link. It will show a dialog with the student's name.

Due to the COVID-19 situation, this bug is subject to a more relaxed 120 day disclosure deadline instead of the normal 90 days deadline. If 120 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.

Details

Vendor
Universitat de Barcelona
Product
ub.edu
Reported
May 14 2020, 1:46 PM
Deadline
120

Event Timeline

avm99963 triaged this task as Priority-1 priority.Apr 15 2020, 4:30 PM
avm99963 created this task.
avm99963 set Reported to May 14 2020, 1:46 PM.May 14 2020, 1:47 PM
avm99963 closed this task as Verified.Jul 20 2020, 11:22 PM

On May 16 2020, 2:34 PM, SAE told me the developers fixed this issue, and I could verify this, so I'm marking this report as verified and disclosing it to the public.

avm99963 changed the visibility from "Restricted Project (Project)" to "Public (No Login Required)".Jul 20 2020, 11:22 PM