-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Advisory ID: SYSS-2021-040
Product: TechRadar (Confluence plug-in)
Manufacturer: it-economics GmbH
Affected Version(s): 1.1
Tested Version(s): 1.1
Vulnerability Type: Cross-Site Scripting (CWE-79)
Risk Level: High
Solution Status: Fixed
Manufacturer Notification: 2021-07-02
Solution Date: 2021-08-23
Public Disclosure: 2021-09-15
CVE Reference: CVE-2021-37412
Author of Advisory: Ulrich Braun, SySS GmbH

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:

TechRadar is a plug-in for Atlassian's Confluence.

The manufacturer describes the product as follows (see [1]):

"Manage and communicate technology adoption for your organization
through your own TechRadar".

TechRadar is vulnerable to stored cross-site scripting in the title of
a radar.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Vulnerability Details:

JavaScript code is executed when it is put in the title of a radar.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Proof of Concept (PoC):

When creating or editing a radar, enter the following script code in
the title:

XSS

The code will be executed when opening the TechRadar plug-in.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solution:

The vendor provides a patch with version 1.2.
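The rendering patterns behind this class of bug, as an added example that is not code from the TechRadar plug-in or from SySS: a radar title concatenated into markup unencoded, next to the same title rendered with HTML output encoding, plus a small check a test suite can run against the rendered fragment. The function names, the `h1` wrapper and the sample title are assumptions for illustration.

```javascript
// Added illustration (not the plug-in's own code): unsafe vs. encoded
// rendering of a stored radar title. Names below are assumptions.

// The five characters that must be encoded before untrusted text is placed
// into an HTML element body or a quoted attribute value.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
};

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the stored title is dropped straight into markup, so a
// title containing a <script> tag becomes live markup in every viewer's
// browser (stored XSS, CWE-79).
function renderRadarTitleUnsafe(title) {
  return `<h1 class="radar-title">${title}</h1>`;
}

// Hardened pattern: the same title is HTML-encoded first, so the browser
// renders the text literally instead of parsing it as markup.
function renderRadarTitle(title) {
  return `<h1 class="radar-title">${escapeHtml(title)}</h1>`;
}

// Regression check: the rendered fragment must not contain any tag other than
// the wrapper the template itself emits.
function containsUnexpectedTag(html, allowedTag = "h1") {
  const tags = html.match(/<\/?([a-zA-Z][\w-]*)/g) || [];
  return tags.some((t) => t.replace(/^<\/?/, "").toLowerCase() !== allowedTag);
}

// Constructed sample title mirroring the advisory's PoC (script code in the title).
const SAMPLE_TITLE = 'Frontend Radar <script>alert("XSS")</script>';

console.log("unsafe :", renderRadarTitleUnsafe(SAMPLE_TITLE));
console.log("encoded:", renderRadarTitle(SAMPLE_TITLE));
```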
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclosure Timeline:

2021-06-23: Vulnerability discovered
2021-07-06: Vulnerability reported to manufacturer
2021-07-06: Confirmed by manufacturer
2021-08-23: Patch released by manufacturer
2021-09-15: Public disclosure of vulnerability

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

References:

[1] Product website for TechRadar
    https://marketplace.atlassian.com/apps/1214608/techradar?hosting=server&tab=overview
[2] SySS Security Advisory SYSS-2021-040
    https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-040.txt
[3] SySS Responsible Disclosure Policy
    https://www.syss.de/en/responsible-disclosure-policy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Credits:

This security vulnerability was found by Ulrich Braun of SySS GmbH.

E-Mail: Ulrich.Braun@syss.de
Public Key: https://www.syss.de/fileadmin/dokumente/PGPKeys/Ulrich_Braun.asc
Key ID: 0x8D0BCE93155A9EC5
Key Fingerprint: BE5B 3FBE 585F 129E 5ACD 8672 8D0B CE93 155A 9EC5

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer:

The information provided in this security advisory is provided "as is"
and without warranty of any kind. Details of this security advisory may
be updated in order to provide as accurate information as possible. The
latest version of this security advisory is available on the SySS
website.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Copyright:

Creative Commons - Attribution (by) - Version 3.0
URL: http://creativecommons.org/licenses/by/3.0/deed.en