SB2019120904 - Multiple vulnerabilities in Viewer.js
Published: December 9, 2019
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Cross-site scripting (CVE-ID: N/A)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to a lack of escaping of user-supplied HTML entities, such as "alt", "src" and "url". A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
2) Cross-site scripting (CVE-ID: N/A)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in "org.webjars:viewerjs" due to a lack of escaping of user-supplied HTML entities, such as "alt", "src" and "url". A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Cross-site scripting (CVE-ID: N/A)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists in "org.webjars.npm:viewerjs" due to a lack of escaping of user-supplied HTML entities, such as "alt", "src" and "url". A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.
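The class of defect described in items 1 to 3, shown as an added example that is neither Viewer.js code nor the vendor's patch: image metadata ("src", "alt", "url") interpolated into an HTML string without escaping, beside a version that escapes each value for the attribute context. The function names, the markup shape and the sample value are assumptions made for illustration.

```javascript
// Added example (not Viewer.js code): attribute-context escaping for image
// metadata placed into an HTML string. All names here are hypothetical.
const ENTITY_MAP = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that can end an attribute value or open a tag.
function escapeAttr(value) {
  return String(value == null ? '' : value).replace(/[&<>"']/g, (ch) => ENTITY_MAP[ch]);
}

// "Before": values are interpolated as-is, so a double quote in any of them
// closes the attribute and the remainder is parsed as new attributes/markup.
function renderItemUnsafe({ src, alt, url }) {
  return `<li><img src="${src}" alt="${alt}" data-original-url="${url}"></li>`;
}

// "After": every value is escaped before it reaches the template.
function renderItemSafe({ src, alt, url }) {
  return `<li><img src="${escapeAttr(src)}" alt="${escapeAttr(alt)}" ` +
    `data-original-url="${escapeAttr(url)}"></li>`;
}

// List the attribute names a parser would see on the <img> tag, to check
// whether a value escaped its attribute. Handles double-quoted values only.
function imgAttributeNames(html) {
  const tag = /<img\s([^>]*)>/.exec(html);
  if (!tag) return [];
  const names = [];
  const re = /([^\s"'=<>\/]+)\s*=\s*"[^"]*"/g;
  let m;
  while ((m = re.exec(tag[1])) !== null) names.push(m[1]);
  return names;
}

// Constructed sample: an alt text that contains a double quote.
const SAMPLE = { src: '/img/a.png', alt: 'photo" data-injected="1', url: '/img/a.png' };

console.log(imgAttributeNames(renderItemUnsafe(SAMPLE))); // extra attribute appears
console.log(imgAttributeNames(renderItemSafe(SAMPLE)));   // only the intended three
```

Escaping covers only the attribute context; building the element with document.createElement and assigning img.src and img.alt as properties avoids HTML parsing of the values altogether.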
References
- https://snyk.io/vuln/SNYK-JS-VIEWERJS-536441
- https://github.com/fengyuanchen/viewerjs/issues/269
- https://github.com/fengyuanchen/viewerjs/commit/00771b70dde5cd07745dda30c445961e2d3e4289
- https://github.com/fengyuanchen/viewerjs/commit/ddd0c3d515dd1d8ea3e0323f486fab7d2cd5631f
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-536476
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-536477