Impact
It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request.
This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights.
Patches
The vulnerability has been fixed in Change Request 1.9.2.
Workarounds
It's possible to workaround the issue without upgrading by editing the document ChangeRequest.Code.ChangeRequestSheet and by performing the same change as in the commit: 7565e72.
References
For more information
If you have any questions or comments about this advisory:
Attribution
Thanks Michael Hamann for the report.
Impact
It's possible for a user without any specific right to perform script injection and remote code execution just by inserting an appropriate title when creating a new Change Request.
This vulnerability is particularly critical as Change Request aims at being created by user without any particular rights.
Patches
The vulnerability has been fixed in Change Request 1.9.2.
Workarounds
It's possible to workaround the issue without upgrading by editing the document
ChangeRequest.Code.ChangeRequestSheetand by performing the same change as in the commit: 7565e72.References
For more information
If you have any questions or comments about this advisory:
Attribution
Thanks Michael Hamann for the report.