WebZeiterfassung of DEXICON Enterprise 3.4.1 allows reflected Cross-Site-Scripting for unauthenticated users
--------------------------------------------------------------------

ID: KPMG-2019-001
Vendor: PCS Systemtechnik GmbH
Software Name: DEXICON Enterprise
Vendor URL: https://www.pcs.com
Vulnerable/tested versions: DEXICON Enterprise 3.4.1
Author: Sascha Eilers (KPMG)
Vulnerability status: Unknown (Not fixed)
Risk Level: Medium
CVSS Score: 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Product Details
---------------

DEXICON Enterprise is an efficient, database-based solution for time recording and access control with an interface to SAP, developed by PCS Systemtechnik GmbH. In combination with INTUS door terminals, it provides seamless integration so that organizations have transparency on attendances and absences. With certified SAP interfaces, reliable data exchange is ensured to support payroll accounting based on positive time recording.

Vulnerability Details
---------------------

Description: The "WebZeiterfassung" (web time recording) component of DEXICON Enterprise 3.4.1 is prone to a reflected cross-site scripting vulnerability that can be exploited without authentication. In the tested environment, the login page (login_action.jsp) contained a field "loginName" lacking proper input validation.

Prerequisites: None.

Authentication required: Authentication is not required.

Vulnerability Type: Cross Site Scripting (XSS).

Risk/Impact: An attacker or malicious user can exploit this vulnerability to modify web page content, inject arbitrary content, or launch attacks against the affected user/client.

Proof of Concept
----------------

Entering the following string for the parameter "loginName" in login_action.jsp resulted in reflected cross-site scripting:

"><

Solution
--------

Not available.

Timeline
--------

Vulnerability discovered: 2019-12-06
Vendor notified: N/A
Vendor fix provided: N/A
Publication date: N/A

Credits
-------

This security vulnerability was found by Sascha Eilers of KPMG AG WPG.
E-Mail: seilers (at) kpmg.com
Key fingerprint = aa 18 90 16 74 24 05 b2 8b 81 bc b6 2d c3 f1 2b e0 ac dd 47
(CVE)

References
----------

Vendor URL: https://www.pcs.com
KPMG AG WPG: https://home.kpmg.com/de/en/home.html
KPMG Security Advisory KPMG-2019-001: https://www.kpmg.de/noindex/advisories/KPMG-2019-001.txt

Disclaimer
----------

The information provided in this security advisory is provided "as is" and without warranty of any kind. Details of this security advisory may be updated in order to provide as accurate information as possible. The latest version of this security advisory is available on the KPMG AG WPG website.

Copyright
---------

Creative Commons - Attribution (by) - Version 3.0
http://creativecommons.org/licenses/by/3.0/deed.en
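Added example (not part of the advisory and not DEXICON's code): the defect class from the Vulnerability Details and Proof of Concept sections, a parameter reflected verbatim into an attribute, shown beside a version that HTML-encodes the value, plus a log check a defender can run while no vendor fix is available. The input template, the /WebZeiterfassung/ path and the access-log lines are constructed assumptions; only the parameter name, the JSP file name and the PoC string come from the advisory.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed template (hypothetical markup, not the real login_action.jsp).
# The value lands inside a double-quoted attribute, so a leading quote in the
# input closes the attribute and a following '>' closes the tag.
TEMPLATE = '<input type="text" name="loginName" value="{value}">'
TAG_OK = re.compile(r'<input type="text" name="loginName" value="[^"<>]*">')


def render_vulnerable(login_name: str) -> str:
    """Reflects the parameter unchanged: the defect the advisory describes."""
    return TEMPLATE.format(value=login_name)


def render_hardened(login_name: str) -> str:
    """Encodes <, >, &, " and ' before reflection so the attribute cannot be left."""
    return TEMPLATE.format(value=html.escape(login_name, quote=True))


def attribute_is_intact(rendered: str) -> bool:
    """True when the output is still exactly one well-formed input tag."""
    return TAG_OK.fullmatch(rendered) is not None


# Constructed combined-format access-log lines (hypothetical IPs and path).
SAMPLE_LOG = """\
203.0.113.5 - - [06/Dec/2019:10:01:02 +0100] "GET /WebZeiterfassung/login_action.jsp?loginName=jdoe HTTP/1.1" 200 1234
203.0.113.7 - - [06/Dec/2019:10:01:09 +0100] "GET /WebZeiterfassung/login_action.jsp?loginName=%22%3E%3C HTTP/1.1" 200 1240
203.0.113.9 - - [06/Dec/2019:10:01:15 +0100] "GET /WebZeiterfassung/index.jsp HTTP/1.1" 200 512
"""
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*"')


def suspicious_login_requests(log_text: str) -> list:
    """Flags login_action.jsp requests whose decoded loginName carries HTML metacharacters."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("path"))
        if not url.path.endswith("/login_action.jsp"):
            continue
        for value in parse_qs(url.query).get("loginName", []):  # parse_qs percent-decodes
            if any(c in value for c in '<>"\''):
                hits.append((m.group("ip"), value))
    return hits
```

The log check only covers parameters sent in the query string; a POST body carrying loginName is not visible in a standard access log and needs an application-side or WAF log instead.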