1. Introduction
The GForge <= 4.5 Multiple Script XSS vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. This can lead to account takeover, data theft, and website defacement. Systems running vulnerable versions of GForge are at risk. Impact is likely to be high on confidentiality, medium on integrity, and low on availability.
2. Technical Explanation
- Root cause: Missing input validation in several PHP scripts used by GForge.
- Exploit mechanism: An attacker crafts a malicious URL containing JavaScript code within an unsanitized parameter. When a user clicks the link, the script executes. For example, injecting `` into a vulnerable field.
- Scope: GForge versions up to and including 4.5 are affected.
3. Detection and Assessment
Confirming the vulnerability involves checking the installed GForge version and testing for script injection. Checking the version number is the quick check; a thorough assessment requires attempting exploitation.
- Quick checks: Check the GForge version via the web interface (usually in the “About” section) or by examining configuration files.
- Scanning: Nessus plugin ID 21857 may detect this vulnerability (cited as an example only).
- Logs and evidence: Examine web server logs for suspicious script tags or encoded characters within request parameters. Look for patterns like `
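
The log review described under "Logs and evidence", as an added example that is not from the original page or the GForge project: it decodes each request parameter (including double-encoded values) and flags script-injection markers. The log lines, paths and parameter names are constructed placeholders, and the common/combined access log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line inside a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')

# Markers of script injection once a parameter value is fully decoded.
SUSPICIOUS_RE = re.compile(
    r'<\s*script|<[^>]+\son\w+\s*=|javascript\s*:|<\s*(?:iframe|img|svg)\b',
    re.IGNORECASE,
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for query parameters that look like XSS."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    query = urlsplit(match.group("target")).query
    hits = []
    # parse_qsl performs the first round of decoding; fully_decode handles the rest.
    for name, value in parse_qsl(query, keep_blank_values=True):
        decoded = fully_decode(value)
        if SUSPICIOUS_RE.search(decoded):
            hits.append((name, decoded))
    return hits

# Constructed sample lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /example/page.php?id=5 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /example/page.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /example/list.php?sort=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 801',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"SUSPICIOUS src={line.split()[0]} param={name!r} value={value!r}")
```

Only query strings are inspected; POST bodies do not appear in standard access logs and need application-level or WAF logging to review.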