Abstract Advisory Information

Security issue affecting the product Vaultize.
There is Stored XSS via the optional message field of a file request.

Authors: Julien EHRHART and Anthony MAIA

Version affected

Vaultize Enterprise File Sharing
Versions 17.05.31

Common Vulnerability Scoring System

7.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Patches

Unknown

Vulnerability Disclosure Timeline

• 24/10/17 Vaultize notification of issues
• 27/10/17 Notification of Vaultize, issues acknowledgment
• 08/11/17 Vaultize Notification for 9 issues
• 09/11/17 Received Fix for:
  – Anonymous reflected XSS on error page
  – Stored XSS on file request.
  – Improper authorization leading to a creation of folders of another account
  – Missing data input validation
• 23/11/17 Received Fix for:
  – Improper authorization when listing the history of another user
• 07/12/17 Request for remaining fixes, no answer to Csirt
• 02/01/18 Vulnerable Clients & Csirt notification
• 18/04/18 Mitre notification