Pearson eSIS Enterprise Student Information System Stored XSS
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Pearson eSIS Enterprise Student Information System Stored XSS
- From: tudor.enache@xxxxxxxxxx
- Date: Sun, 6 Apr 2014 07:08:10 GMT
Advisory ID: hag201477
Product: Pearson eSIS Enterprise Student Information System
Vendor: PearsonVue
Vulnerable Version(s): Any version
Advisory Publication: April 06, 2014
Vendor Notification: March 05, 2014
Public Disclosure: April 06, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-1454
Risk Level: Medium
CVSSv2 Base Score: 6.4 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution not yet released
Discovered and Provided: Tudor Enache from Help AG Middle East
------------------------------------------------------------------------
About the vendor:
Pearson VUE provides a full suite of services from test development to data
management, and delivers exams through the world's most comprehensive and
secure network of test centers in 175 countries. Pearson VUE is a business of
Pearson (NYSE: PSO; LSE: PSON), the world's leading learning company.
Advisory Details:
During a pentest, Help AG discovered the following:
Stored cross-site scripting (XSS) vulnerability in the message board. Logged in
as a Super User, we managed to inject malicious cross-site scripting payloads
via enterprise messages. The payload would execute in the context of every user
in the system. This could be used to hijack sessions, serve victims phishing
pages, or completely compromise the computer that is executing the payload.
1) Stored Cross-Site Scripting (XSS) in Pearson eSIS Enterprise Student
Information System: CVE-2014-1454
To reproduce the issue, a Super User account is needed. With that account, log
in, go to the message board functionality of eSIS, create a new enterprise
message using the HTML tab, and add the following payload as the message:
<img src="https://esisplatform.example.com/aal/1"
onerror="alert(document.cookie)">
Hackers could compromise a Super User account and send a malicious message to
every teacher/student using the platform. This can be anything from a session
hijacker script to a malicious backdoor.
------------------------------------------------------------------------
Solution:
The vendor was notified; contact the vendor for the patch details.
------------------------------------------------------------------------
Disclaimer: The information provided in this Advisory is provided "as is" and
without any warranty of any kind. Details of this Advisory may be updated in
order to provide as accurate information as possible.