Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

php-font-lib 0.3 Cross Site Scripting

Related Vulnerabilities: CVE-2014-2570  
Publish Date: 24 Mar 2014
Author: Daniel Marques
Source 
                ==========================================================
php-font-lib - Subset maker (make_subset.php) Reflected Cross-site Scripting
Revision 1.0
==========================================================
Author: Daniel C. Marques (@0xc0da)
Release date: 2014-03-23
Reference: http://codalabs.net/cla-2014-001

Disclosure Timeline
===============
2014-03-19 - Developer notified.
2014-03-19 - Developer patch.
2014-03-20 - CVE-2014-2570 assigned.
2014-03-23 - Public disclosure.

Product Information
===============
Product: php-font-lib
Description: A library to read, parse, export and make subsets of different types of font files.
Developer: Fabien Ménager
Website: https://github.com/PhenX/php-font-lib

Overview
=======
The Subset maker of the affected php-font-lib versions is vulnerable to a Reflected Cross-site Scripting. This vulnerability might allow remote unauthenticated attackers to inject arbitrary Javascript or HTML via the ‘name’ parameter. This flaw exists because the contents of ‘name’ are not sanitized before it is inserted in the web page.

Vulnerability Information
==================
Vulnerability: Reflected Cross-site Scripting
CVE Identifier: CVE-2014-2570
CVSSv2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE Identifier: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Affected releases: 0.3

Vulnerability details
==============
The make_subset.php script in the ‘www’ directory does not sanitize the contents of the ‘name’ parameter before echoing it to the user. The vulnerable piece of code is shown below:

<h1><?php echo $name ?></h1>

This vulnerability can be used to inject Javascript code to be rendered by the browser. An attacker must trick the user to access a crafted URL (using social engineering, e.g.) for a successful attack. 

Proof-of-Concept
=============
http://www.example.com/php-font-lib/www/make_subset.php?fontfile=../fonts/Norasi.ttf&name=<script>alert('XSS')</script>

Solution
======
The developer informed that version 0.3.1 fixes the issue. 

Credits
======
Vulnerability identified and reported by Daniel C. Marques (@0xc0da). 


References
=========
[1] https://github.com/PhenX/php-font-lib
[2] https://github.com/PhenX/php-font-lib/releases/tag/0.3.1
[3] https://cwe.mitre.org/data/definitions/79.html
[4] http://codalabs.net/cla-2014-001
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started