
XSS vulnerability in ub.edu
Status: Verified, Public

Description

Abstract

There's an XSS vulnerability in the page https://www.ub.edu/acad/graus/alumnes/zNoPhpSess.php via the codi GET parameter.

Reproduction steps

  1. Visit https://www.ub.edu/acad/graus/alumnes/zNoPhpSess.php?codi=%3Cscript%3Eeval(%22al%22%2B%22ert(document.domain)%22)%3C/script%3E.

What should be done?

Sanitize the codi parameter properly.
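As an added illustration of that fix (example code, not the ub.edu page's own source), the snippet below shows the reflected-output pattern that produces this class of bug next to the hardened form. PHP is used because the affected page is a PHP script; the function names, the allow-list pattern for `codi` and the error message are assumptions made for the example.

```php
<?php
// Added example, not code from the ub.edu page. Contrasts reflecting a GET
// parameter unencoded (the pattern behind reflected XSS) with reflecting it
// after context-appropriate HTML output encoding. The parameter name "codi"
// comes from the report; everything else here is assumed for illustration.

declare(strict_types=1);

// Vulnerable pattern: the raw parameter is interpolated into HTML, so any
// markup carried in the query string becomes part of the rendered page.
function renderUnsafe(string $codi): string
{
    return "<p>Codi: " . $codi . "</p>";
}

// Hardened pattern: encode for the HTML element context before output.
// ENT_QUOTES also encodes ' and ", ENT_SUBSTITUTE avoids returning an empty
// string on malformed UTF-8, and the explicit charset matches the response.
function renderSafe(string $codi): string
{
    $encoded = htmlspecialchars($codi, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<p>Codi: " . $encoded . "</p>";
}

// Defence in depth: if "codi" is an identifier, reject anything that does not
// look like one before it is used. The accepted shape below is an assumption;
// the real format would come from the application's own specification.
function isValidCodi(string $codi): bool
{
    return preg_match('/^[A-Za-z0-9_-]{1,32}$/', $codi) === 1;
}

// Missing or non-string values (e.g. codi[]=x) are treated as empty.
$codi = isset($_GET['codi']) && is_string($_GET['codi']) ? $_GET['codi'] : '';

header('Content-Type: text/html; charset=UTF-8');
if (!isValidCodi($codi)) {
    http_response_code(400);
    echo renderSafe('invalid');   // the fixed message is encoded too, by habit
    exit;
}
echo renderSafe($codi);
```

With the payload from the reproduction step, `renderSafe()` emits the `<script>` tags as `&lt;script&gt;` and `&lt;/script&gt;`, so the browser displays the text instead of executing it; the allow-list check rejects the value earlier still, so the encoded path only matters for values the application accepts. A `Content-Security-Policy` header that disallows inline scripts is a further layer, but output encoding at the point of reflection is the fix the report asks for.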

Attack scenario

Proof of concept of a phishing attack possible due to this vulnerability:

  1. Login as a student at Món UB (https://www.ub.edu/portals/monUB/).
  2. Visit this link. It will show a dialog with the student's name.

Due to the COVID-19 situation, this bug is subject to a more relaxed 120-day disclosure deadline instead of the normal 90-day deadline. If 120 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.

Details

Vendor: Universitat de Barcelona
Product: ub.edu
Reported: May 14 2020, 1:46 PM
Deadline: 120 days

Event Timeline

avm99963 triaged this task as Priority-1 priority. Apr 15 2020, 4:30 PM
avm99963 created this task.
avm99963 set Reported to May 14 2020, 1:46 PM. May 14 2020, 1:47 PM

On May 16 2020, 2:34 PM, SAE told me the developers fixed this issue, and I could verify this, so I'm marking this report as verified and disclosing it to the public.

avm99963 changed the visibility from "Restricted Project (Project)" to "Public (No Login Required)". Jul 20 2020, 11:22 PM