The client's security scanning tool detected the following vulnerability in the Service Catalog URL:
Cross-Site Scripting vulnerability found in GET parameter searchIn. The following attack uses plain encoding:
">{{$on.constructor('alert(33663)')()}}
A Cross-Site Scripting (XSS) vulnerability was detected in the web application. Cross-Site Scripting occurs when dynamically
generated web pages display user input, such as login information, that is not properly validated, allowing an attacker to
embed malicious scripts into the generated page and then execute the script on the machine of any user that views the site.
In this instance, the web application was vulnerable to an automatic payload, meaning the user simply has to visit a page to
make the malicious scripts execute. If successful, Cross-Site Scripting vulnerabilities can be exploited to manipulate or steal
cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute
malicious code on end user systems. Recommendations include implementing secure programming techniques that ensure
proper filtration of user-supplied data, and encoding all user-supplied data to prevent inserted scripts being sent to end users
in a format that can be executed.
Cross-Site Scripting (XSS) happens when user input from a web client is immediately included via server-side scripts in a
dynamically generated web page. Reflected XSS is specifically considered critical when a malicious payload can be embedded in
a URL (e.g. in query strings of GET requests). An attacker can trick a victim, via a phishing attack, to click on a link with
vulnerable input which has been altered to include attack code and then sent to the legitimate server. The injected code is
then reflected back to the user's browser which executes it.
Cross-Site Scripting: Reflected (10044)
Summary
HTML tag injection vulnerabilities were identified on this web application. HTML tag injections are used to aid in Cross-Site
Request Forgeries and phishing attacks against third-party web sites, and can often double as Cross-Site Scripting
vulnerabilities. Recommendations include implementing secure programming techniques that ensure proper filtration of user-supplied
data, and encoding all user-supplied data to prevent inserted scripts being sent to end users in a format that can be executed.
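The filtering and encoding recommendation above, as an added example that is not part of the original article or the product's code: the reflected searchIn value is validated against an allow-list and only then HTML-encoded. The function names and the allow-list pattern are assumptions. The example also shows that HTML encoding alone leaves the {{ }} delimiters of the scanner's test string intact, which matters if the page is processed by a client-side template engine that evaluates such expressions.

```javascript
// Added example; function names and the allow-list policy are assumptions,
// not CA Service Catalog code.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// HTML-encode a value for text and quoted-attribute contexts.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// Reverse of encodeHtml: models the browser's HTML parser, which decodes
// entities before any client-side template engine reads the DOM.
function decodeHtml(html) {
  return html.replace(/&(amp|lt|gt|quot|#39);/g, (m) =>
    Object.keys(ENTITIES).find((ch) => ENTITIES[ch] === m));
}

// Double-curly-brace expression delimiters are not touched by HTML encoding.
function hasTemplateDelimiters(value) {
  return /\{\{|\}\}/.test(String(value));
}

// Assumed policy: the parameter only needs short, simple tokens. Quotes,
// angle brackets, braces and parentheses are all outside this set.
const ALLOWED = /^[A-Za-z0-9 _.,-]{1,64}$/;

// Validate first, then encode for output. Rejected values are never reflected.
function reflectParam(raw) {
  const value = String(raw);
  if (!ALLOWED.test(value)) {
    return { accepted: false, html: '' };
  }
  return { accepted: true, html: encodeHtml(value) };
}

// The scanner's test string from this page, and a constructed benign value.
const scannerValue = '">{{$on.constructor(\'alert(33663)\')()}}';
const benignValue = 'offering_name';

const encoded = encodeHtml(scannerValue);
console.log(encoded);                                    // quote and > are encoded
console.log(hasTemplateDelimiters(decodeHtml(encoded))); // delimiters still present
console.log(reflectParam(scannerValue));                 // rejected by the allow-list
console.log(reflectParam(benignValue));                  // accepted and encoded
```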
Release: 17.3
CA Service Catalog
RU22 and higher patches will address the issue.