PHPMailer Cross-Site Scripting Vulnerability Fixed by 5.2.24


Description   A cross-site scripting vulnerability has been identified in PHPMailer. A remote attacker could exploit it to execute arbitrary JavaScript or HTML code by inciting their victim into following a specially formed link.

This vulnerability stems from a lack of validation of user-supplied input in the "From Email Address" and "To Email Address" fields of "code_generator.phps".

A proof of concept is available.

Updated, 23/08/2017: The phpmailer packages provided by FreeBSD are vulnerable.
     
Vulnerable Products   Vulnerable OS:
Fedora (Red Hat) - 24, 25, 26
FreeBSD (FreeBSD) - All
Vulnerable Software:
GestSup (GestSup) - 3.0.0, 3.0.1, 3.0.10, 3.0.11, 3.0.2, ..., 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9
PHPMailer (WorxWare) - 5.2.x
Typo3 (Typo3) - 6.0, 6.0.0, 6.0.1, 6.0.11, 6.0.13, ..., 8.7.4, 8.7.5, 8.7.6, 8.7.7, 8.7.8
     
Solution   Version 5.0.1 of Multishop module for TYPO3 fixes this vulnerability.
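
A deployment check for the fix named in this advisory, added here as an example (not code from PHPMailer or from the advisory's publisher): it walks a directory tree, reports each PHPMailer copy in the 5.2.x line that is older than 5.2.24, and lists any "code_generator.phps" still present beneath it. Recognising a copy by class.phpmailer.php with a VERSION file beside it is an assumption about the 5.2.x layout, and the function names are illustrative.

```python
import os
import re

FIXED = (5, 2, 24)                    # fixed release named in this advisory
EXAMPLE_FILE = "code_generator.phps"  # example script named in this advisory


def parse_version(text):
    """Return a (major, minor, patch) tuple, or None if text is not x.y.z."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def audit(root):
    """Walk `root` and report every PHPMailer copy found.

    Assumption: a copy is recognised by class.phpmailer.php with a
    VERSION file beside it.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "class.phpmailer.php" not in files or "VERSION" not in files:
            continue
        version_path = os.path.join(dirpath, "VERSION")
        with open(version_path, encoding="utf-8", errors="replace") as fh:
            version = parse_version(fh.read())
        # Look for the example script anywhere below this copy (e.g. examples/).
        exposed = [
            os.path.join(sub, name)
            for sub, _d, names in os.walk(dirpath)
            for name in names
            if name == EXAMPLE_FILE
        ]
        findings.append({
            "path": dirpath,
            "version": version,
            # An unparseable version is flagged for review, not assumed safe.
            "outdated": version is None
            or (version[:2] == (5, 2) and version < FIXED),
            "example_files": sorted(exposed),
        })
    return findings


if __name__ == "__main__":
    import sys
    for finding in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(finding)
```

Run it against a web root or vendor directory; a copy reported with both `outdated` set and a non-empty `example_files` list is the combination this advisory describes.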
     
CVE   CVE-2017-11503
     
References   - PHPMailer : Version 5.2.24 (July 26th 2017)
https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md
- FEDORA-2017-f838eb0c5e : Fedora 25 Update: php-PHPMailer-5.2.24-1.fc25
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/545FEK4BT73LWYBXC2P7MQYBELWVG257/
- FEDORA-2017-0bc23764e7 : Fedora 24 Update: php-PHPMailer-5.2.24-1.fc24
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BEJQJKADVJOB52K323UPKOFFIKBWOLFH/
- FEDORA-2017-ab55648aa7 : Fedora 26 Update: php-PHPMailer-5.2.24-1.fc26
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EP5ZHH37C7M46ATN7NRQT2QDYCDJE4GB/
- GestSup : GestSup Release Notes
https://gestsup.fr/demo/changelog.php
- VuXML : phpmailer -- XSS in code example and default exeception handler
https://www.vuxml.org/freebsd/c5d79773-8801-11e7-93f7-d43d7e971a1b.html
- TYPO3-EXT-SA-2017-014: Cross Site-Scripting in extension "Multishop" (multishop)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-014/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm   Available Since
XSS - Prevention - POST : suspicious 'meta' tag found in data   3.2.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data   5.0.0
XSS - Prevention - POST : javascript code found in data   5.0.0
XSS - Prevention - POST : suspicious tag with event found in data   5.0.0
XSS - Prevention - POST : suspicious 'embed' tag found in data   5.0.0
XSS - Prevention - POST : 'location' javascript object found in data   5.0.0
XSS - Prevention - POST : code allowing cookie access found in data   5.0.0
XSS - Prevention - POST : 'script' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'style' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'applet' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'div' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'img' attribute found in data   5.0.0
XSS - Prevention - POST : suspicious 'meta' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'object' tag found in data   5.0.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data   5.0.0
     


 
 
 
 
Risk level   Moderate
Vulnerability First Public Report Date   2017-06-25
Target Type   Client
Possible exploit   Remote