kaltura/server (lastest version)- Cross-Site Scripting (XSS) in "XmlJWPlayer.php"

[bestshow]

Product：kaltura/server Download: https://github.com/kaltura/server Vunlerable Version: lastest version Tested Version: lastest version Author: ADLab of Venustech

Advisory Details: I have discovered a Cross-Site Scripting (XSS) in “kaltura/server”, which can be exploited to execute arbitrary code. The vulnerability exists due to insufficient filtration of user-supplied data in “entryId” HTTP GET parameter passed to “server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php” url. An attacker could execute arbitrary HTML and script code in browser in context of the vulnerable website. The exploitation example below uses the "alert()" JavaScript function to see a pop-up messagebox: Poc: http://localhost/.../server-Lynx-12.11.0/admin_console/web/tools/XmlJWPlayer.php?entryId=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22

[kaltura-hooks]

Hi @bestshow,

Thank for you reporting an issue and helping improve Kaltura!

To get the fastest response time, and help the maintainers review and test your reported issues or suggestions, please ensure that your issue includes the following (please comment with more info if you have not included all this info in your original issue):

• Is the issue you're experiencing consistent and across platforms? or does it only happens on certain conditions? please provide as much details as possible.
• Which Kaltura deployment you're using: Kaltura SaaS, or self-hosted? If self hosted, are you using the RPM or deb install?
• Packages installed. When using RPM, paste the output for:

  # rpm -qa \"kaltura*\"

  For deb based systems:

  # dpkg -l \"kaltura-*\"

• If running a self hosted ENV - provide the MySQL server version used
• If running a self hosted ENV - is this a single all in 1 server or a cluster?
• If running a self hosted ENV, while making the problematic request, run:

  # tail -f /opt/kaltura/log/*.log /opt/kaltura/log/batch/*.log | grep -A 1 -B 1 --color \"ERR:\|PHP\|trace\|CRIT\|\[error\]\"

  and paste the output.

• When relevant, provide any screenshots or screen recordings showing the issue you're experiencing.

For general troubleshooting see: https://github.com/kaltura/platform-install-packages/blob/Jupiter-10.13.0/doc/kaltura-packages-faq.md#troubleshooting-help

If you only have a general question rather than a bug report, please close this issue and post at: http://forum.kaltura.org

Thank you in advance,

[jessp01]

Hi,

Fixed by this patch: https://github.com/kaltura/server/pull/5304/files. Please patch your local instances accordingly.