The XSS flaw was discovered by Ben Nelson of Rapid7. The Cross-Site scripting flaw is present in the OPSWAT MetaDefender ICAP Server Management Interface. A remote attacker can inject own malicious script code into the website and can steal cookie-based authentication credentials through XSS. OPSWAT MetaDefender ICAP Server before 4.13.0 is vulnerable to a stored XSS attack. The ICAP Server Management Interface is used by administrators to configure and manage the ICAP Server. A malicious user can inject own script codes into the ICAP Server Management Interface and steal authentication/session data. An attacker can send a crafted request to ICAP Server Management Interface, like an XSS payload, to execute malicious code on the targeted system. An attacker can send a request to ICAP Server Management Interface, like an XSS payload, to execute malicious code on the targeted system. The XSS can be exploited through various vectors, like injecting into another application, from a remote location, etc.
Stored XSS Attack
A stored XSS attack is an attack where a malicious user can inject own script codes into the ICAP Server Management Interface and steal authentication/session data. The malicious code is saved to the server and executed when the user visits the website again. The payload of the stored XSS attack can be triggered by various vectors, like injecting into another application from a remote location, etc.
Finding XSS in OPSWAT MetaDefender ICAP Server
Vulnerability Details
There is a Cross-site scripting flaw in the OPSWAT MetaDefender ICAP Server Management Interface. A remote attacker can inject own malicious script code into the website and can steal cookie-based authentication credentials through XSS. The XSS flaw was discovered by Ben Nelson of Rapid7.
The only way to fix this vulnerability is to upgrade to the latest version of OPSWAT MetaDefender ICAP Server Management Interface which is 4.13.1 or later.
Timeline
Published on: 09/19/2022 07:15:00 UTC
Last modified on: 09/21/2022 14:42:00 UTC