Nozomi Stored XSS
Steps to Reproduce
The following code was used for the Proof of Concept:
The characters , ' and " within the payload will most likely prevent the XSS from triggering.
The following pictures show how we were able to exploit the vulnerability.
Figure 1: Executed stored XSS in the node list
Figure 2: Executed stored XSS can be viewed encoded in the column selection
This issue exists due to insufficient input filtering in the input field of the custom field section. In order to mitigate the issue, we recommend applying input filtering to all input fields and URL parameters in the entire application to ensure that only valid input is processed (this means input filtering for the fields as well as for the field values).
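To make the recommended mitigation concrete, the following is an added example (written for this page, not code from the advisory or from Nozomi) of how a custom field can be handled before it reaches the node list: the field name is validated against an allowlist pattern, and the field value is HTML-encoded at render time so that markup characters stored in the field are displayed as text rather than interpreted by the browser. The name policy (letters, digits, underscore, hyphen, space, 1 to 64 characters), the `renderCustomFieldRow` helper and the sample input are assumptions for illustration.

```javascript
// Added example: defensive handling of a user-supplied custom field.
// Layer 1: validate the field NAME against an allowlist (assumed policy).
// Layer 2: HTML-encode the field VALUE when building markup, so stored
//          markup is rendered as text instead of being executed.

const FIELD_NAME_RE = /^[A-Za-z0-9_\- ]{1,64}$/; // assumed allowlist policy

function isValidFieldName(name) {
  return typeof name === 'string' && FIELD_NAME_RE.test(name);
}

// Characters that must be encoded in HTML text and attribute contexts.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Build one table row for the node list from a stored custom field.
// Rejects an invalid name outright and always encodes both name and value,
// so that encoding does not depend on what validation happened to let through.
function renderCustomFieldRow(field) {
  if (!isValidFieldName(field.name)) {
    throw new Error('invalid custom field name');
  }
  return `<tr><td>${escapeHtml(field.name)}</td><td>${escapeHtml(field.value)}</td></tr>`;
}

// Constructed sample input: a stored value that contains markup.
const SAMPLE_FIELD = { name: 'Location', value: '<script>alert("1")</script>' };

// Renders the markup as inert text:
// <tr><td>Location</td><td>&lt;script&gt;alert(&quot;1&quot;)&lt;/script&gt;</td></tr>
console.log(renderCustomFieldRow(SAMPLE_FIELD));
```

The encoding step is the one that actually closes the stored XSS: validation of the field name narrows what can be stored, but any value that is later placed into HTML still has to be encoded for the context it is written into (here, element text), and the same rule applies to the column selection view shown in Figure 2.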
We were able to verify this vulnerability in software versions below 19.0.3. However, all versions below 19.0.4 are likely affected. The vendor was informed of the finding and has already implemented a fix for this issue. Therefore, updating to version 19.0.4 will successfully mitigate the issue.
Credit for finding and reporting the issue: