## https://sploitus.com/exploit?id=PACKETSTORM:156951
Packet Storm Security note - Finding one of two:  
  
  
  
codeBeamer – Stored Cross-Site Scripting  
  
===============================================================================  
  
Identifiers  
  
-------------------------------------------------  
  
* CVE-2019-19912  
  
CVSSv3 score  
  
-------------------------------------------------  
  
6.4 (AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H)  
  
Vendor  
  
-------------------------------------------------  
  
Intland – Codebeamer (https://codebeamer.com)  
  
Product  
  
-------------------------------------------------  
  
codeBeamer ALM is a holistically integrated, collaborative Application Lifecycle Management platform with capabilities that cover your entire product development lifecycle.  
  
Affected versions  
  
-------------------------------------------------  
  
- codebeamer 9.5 and below  
  
Credit  
  
-------------------------------------------------  
  
Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH)  
  
Vulnerability summary  
  
-------------------------------------------------  
  
Intland Software has a stored XSS vulnerability in the file attachment section.  
  
Technical details  
  
------------------------------------------------  
  
The upload section accepts maliciously crafted SWF files.  
  
Proof of concept  
  
-------------------------------------------------  
  
To exploit this vulnerability, a standard malformed SWF file like the ones available on GitHub can be used:  

* https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/XSS%20Injection  
  
Solution  
  
-------------------------------------------------  
  
Contact vendor for a solution  
  
Timeline  
  
-------------------------------------------------  
  
Date | Status  
  
------------|-----------------------------  
  
20-DEC-2019 | Reported to vendor  
  
03-JAN-2020 | Acknowledged by vendor  
  
09-MAR-2020 | Patch available  
  
26-MAR-2020 | Public disclosure  
  
  
===============================================================================  
Packet Storm Security note - Finding two of two:  
  
  
codeBeamer – Stored Cross-Site Scripting  
  
===============================================================================  
  
Identifiers  
  
-------------------------------------------------  
  
* CVE-2019-19913  
  
CVSSv3 score  
  
-------------------------------------------------  
  
6.4 ([AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:H&version=3.1))  
  
Vendor  
  
-------------------------------------------------  
  
Intland – Codebeamer (https://codebeamer.com)  
  
Product  
  
-------------------------------------------------  
  
codeBeamer ALM is a holistically integrated, collaborative Application Lifecycle Management platform with capabilities that cover your entire product development lifecycle.  
  
Affected versions  
  
-------------------------------------------------  
  
- codebeamer 9.5 and below  
  
Credit  
  
-------------------------------------------------  
  
Georg Ph E Heise (@gpheheise) / Lufthansa Industry Solutions (@LHIND_DLH)  
  
Vulnerability summary  
  
-------------------------------------------------  
  
Intland Software has a stored XSS vulnerability in their CodeBeamer 9.5 ALM Tracker Title parameter.  
  
Technical details  
  
------------------------------------------------  
  
The Tracker Heading is vulnerable to a stored cross-site scripting (XSS) attack.  

An attacker has to create or modify a Tracker Heading with a direct XSS payload to exploit any project user who is viewing the Tracker or the Tracker notes.  
  
Proof of concept  
  
-------------------------------------------------  
  
The following evidence is provided to illustrate the existence and exploitation:  

Create a release with a heading similar to this:  

<script> alert('hacked')</script>  
  
Solution  
  
-------------------------------------------------  
  
Contact vendor for a solution  
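
As an added illustration (not the vendor's patch and not code from this advisory), the generic controls that address both findings: screening uploads for SWF content by file header, serving attachments as downloads, and HTML-encoding the tracker heading at output time. All function names are hypothetical, and the sample bytes and title are constructed.

```python
import html
import os
import re

# SWF header signatures: uncompressed, zlib-compressed, LZMA-compressed
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")
BLOCKED_EXTENSIONS = {".swf"}  # assumption: Flash attachments have no business use


def looks_like_swf(data: bytes) -> bool:
    """Identify Flash content by its header, whatever the file is named."""
    # 3-byte signature + 1-byte version + 4-byte length = 8-byte minimum header
    return len(data) >= 8 and data[:3] in SWF_SIGNATURES


def screen_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an attachment upload."""
    ext = os.path.splitext(filename)[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return False, "blocked extension"
    if looks_like_swf(data):
        return False, "SWF content under another name"
    return True, "ok"


def attachment_headers(filename: str) -> dict[str, str]:
    """Response headers that make the browser download instead of render."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


def render_tracker_heading(title: str) -> str:
    """HTML-encode a stored title at output time (hypothetical template helper)."""
    return f"<h2>{html.escape(title, quote=True)}</h2>"


# Constructed samples: an SWF header plus two filler bytes, and the heading from the PoC
SAMPLE_SWF = b"CWS" + bytes([10]) + (1024).to_bytes(4, "little") + b"\x78\x9c"
SAMPLE_TITLE = "<script> alert('hacked')</script>"

if __name__ == "__main__":
    print(screen_upload("diagram.png", SAMPLE_SWF))
    print(attachment_headers("notes 2020.swf"))
    print(render_tracker_heading(SAMPLE_TITLE))
```

Encoding at output time neutralises titles that were stored before any input filter existed, which is why it is applied in the renderer and not only on save.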
  
Timeline  
  
-------------------------------------------------  
  
Date | Status  
  
------------|-----------------------------  
  
20-DEC-2019 | Reported to vendor  
  
03-JAN-2020 | Acknowledged by vendor  
  
09-MAR-2020 | Patch available  
  
26-MAR-2020 | Public disclosure