Coller enterprise travel management software does not sufficiently filter special characters supplied in the web URL. Because the URL-supplied value is reflected into the response without being encoded, an unauthenticated remote attacker can inject JavaScript and perform a reflected cross-site scripting (XSS) attack.

To exploit the vulnerability the attacker does not need an account on, or access to, the server running the Coller software; they need a user of that server to open a specially crafted URL. Two approaches are possible.

Scenario 1: the attacker hosts a web page, or sends a link, that points at the vulnerable system and carries the malicious script in a URL parameter. When a user opens it, the vulnerable system reflects the script into its response and the user's browser executes it in the origin of the vulnerable application, with that user's session.

Scenario 2: the attacker first sends the specially crafted request directly to the vulnerable system to confirm that the script comes back unencoded, then delivers the same crafted URL to users of the targeted system.

In either case the script runs in the victim's browser, not on the server: the attacker can act within the victim's authenticated session, read what that session can read, and send requests on the victim's behalf, but does not gain direct access to the system itself.

Vulnerable versions

The following versions are affected by this vulnerability:
* Coller enterprise software 8.1-8.4
* Coller enterprise software 8.6

Vulnerability Details

The following is a list of the Coller enterprise software versions that are vulnerable:
* Coller enterprise travel management software 1.3.0 and earlier
* Coller enterprise travel management software 1.2.1 and earlier
* Coller enterprise business intelligence software 1.2.1 and earlier

Vulnerable code

The application copies a value taken from the request URL into its HTML response without encoding it, which allows an unauthenticated remote attacker to inject JavaScript and perform a reflected cross-site scripting (XSS) attack.
The following code is vulnerable to the reflected cross-site scripting vulnerability:
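The advisory does not reproduce the affected code. The example below is added here and is not code from the Coller product: it shows the reflected-XSS pattern the advisory describes (a URL parameter copied unencoded into the page), the hardened form of the same handler, the crafted URL an attacker would deliver in the scenarios above, and the check a tester would run to tell the two handlers apart. The `/search` endpoint, the `q` parameter, the host name `travel.example` and the page template are assumptions chosen for illustration.

```javascript
// Added example, not code from the Coller product. The "/search" endpoint,
// the "q" parameter, the host "travel.example" and the page template are
// assumptions used to illustrate the reflected XSS pattern in the advisory.

// Minimal HTML encoder for text placed inside an element body or a
// double-quoted attribute value. The five characters below are the ones
// that let a value break out of its HTML context.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Parse the query string of a request URL (absolute or path-only).
function queryParams(requestUrl) {
  return new URL(requestUrl, 'http://localhost').searchParams;
}

// VULNERABLE: the value of ?q= is copied straight into the response body,
// so markup carried in the URL is interpreted by the victim's browser.
function renderSearchUnsafe(requestUrl) {
  const q = queryParams(requestUrl).get('q') ?? '';
  return `<html><body><h1>Results for ${q}</h1></body></html>`;
}

// HARDENED: the same value is HTML-encoded before it is placed in the page,
// so the browser displays the payload as text instead of executing it.
function renderSearchSafe(requestUrl) {
  const q = queryParams(requestUrl).get('q') ?? '';
  return `<html><body><h1>Results for ${escapeHtml(q)}</h1></body></html>`;
}

// Build the URL an attacker would host on a page or send in a link
// (scenario 1). The payload is percent-encoded so it survives transport;
// the server decodes it again before reflecting it.
function craftAttackUrl(base, payload) {
  const url = new URL(base);
  url.searchParams.set('q', payload);
  return url.toString();
}

// Tester's check (scenario 2): does the handler's response contain the
// payload verbatim, i.e. reflected without encoding?
function reflectsUnencoded(render, requestUrl, payload) {
  return render(requestUrl).includes(payload);
}

// Constructed test payload; it only proves reflection, it exfiltrates nothing.
const PAYLOAD = '<script>alert(document.domain)</script>';
const ATTACK_URL = craftAttackUrl('http://travel.example/search', PAYLOAD);

console.log('crafted URL :', ATTACK_URL);
console.log('unsafe reflects:', reflectsUnencoded(renderSearchUnsafe, ATTACK_URL, PAYLOAD));
console.log('safe reflects  :', reflectsUnencoded(renderSearchSafe, ATTACK_URL, PAYLOAD));
```

Run it with `node` to see the crafted URL and the two results. The fix is output encoding at the point where the value enters the HTML, not "filtering special characters" on input: a deny-list of characters in the URL is easy to bypass with alternative encodings, whereas `escapeHtml` neutralises any value regardless of how it arrived.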

Vulnerability Discovery and Discussion

This vulnerability affects Coller enterprise software. An attacker can exploit it by sending a specially crafted request to the target system, or by getting a user of that system to open a link to one. The root cause is insufficient filtering of special characters in the web URL, which are reflected into the response without encoding. By exploiting it, the attacker can perform a reflected cross-site scripting (XSS) attack: attacker-chosen script executes in the victim's browser in the context of the target application and the victim's session.

This issue has been found in Coller enterprise travel management software and has been fixed in version 2.4.1 of the product.

Timeline

Published on: 09/28/2022 04:15:00 UTC
Last modified on: 09/28/2022 23:29:00 UTC

References