Share
WEMS Enterprise Manager 2.58 (email) Reflected XSS  
  
  
Vendor: WEMS Limited  
Product web page: https://www.wems.co.uk  
Affected version: 2.58.8903  
2.55.8806  
2.55.8782  
2.19.7959  
  
Summary: WEMS Enterprise Manager is a centralised management and monitoring  
system for many WEMS equipped sites. It retrieves and stores data to enable  
energy analysis at an enterprise wide level. It is designed to give global  
visibility of the key areas that affect a buildings' environmental and energy  
performance using site data collected via WEMS Site Managers or Niagara compatible  
hardware.  
  
Desc: Input passed to the GET parameter 'email' is not properly sanitised before  
being returned to the user. This can be exploited to execute arbitrary HTML code  
in a user's browser session in context of an affected site.  
  
Tested on: Linux  
PHP  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2019-5551  
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5551.php  
  
  
06.07.2019  
  
--  
  
  
https://192.168.1.244/guest/users/forgotten?email="><script>confirm(251)</script>