ECE Projects XSS (Cross-site Scripting) Security Vulnerabilities
Exploit Title: ECE Projects /suchergebnis/? tx_solr[q] Parameter XSS (Cross-site Scripting) Security Vulnerabilities
Vendor: ECE Projektmanagement G.m.b.H. & Co. KG (ECE)
Product: ECE Projects
Advisory Publication: April 01, 2015
Latest Update: April 01, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [CCRG, Nanyang Technological University (NTU), Singapore]
(1) Vendor & Product Description:
ECE Projektmanagement G.m.b.H. & Co. KG (ECE)
Product & Version:
All Projects – Shopping & Office, Traffic, Industries, Hotel, Residential
Vendor URL & download:
ECE Projects can be obtained from here,
ECE Projektmanagement GmbH & Co. KG
Product Introduction Overview:
“ECE develops, builds, and manages large commercial properties in the business areas Shopping, Office, Traffic, and Industries. It was founded in 1965 by mail-order pioneer Prof. Werner Otto (1909-2011) and is owned by the Otto family. Since 2000, the company founder’s son, Alexander Otto, has been heading the company. Hamburg-based ECE has been developing, building, leasing out, and managing large commercial properties in the business areas Shopping, Office, Traffic, and Industries and is European market leader in the field of downtown shopping centers. For decades, ECE has been realizing very successfully large group headquarters, office buildings, industrial buildings, logistic centers, traffic-related properties, hotels and other highly complex building types. ECE provides all real estate-related services from one source and thus creates a major benefit for their customers, clients and partners by pooling their complete know-how. With regard to numerous projects the ECE group acts as investor and keeps the projects in the portfolio for decades. Furthermore, two ECE funds concentrate on the acquisition of shopping centers with value growth potential. ECE is Europe-wide successfully positioned with numerous subsidiaries and joint ventures."
“ECE employs specialists with in-depth knowledge of the retail trade and all related “disciplines" and pools this wide-ranging expertise under one roof. Our full-service concept extends from the original idea right through to long-term management. Our credo: a full range of services from a single provider who takes overall responsibility as opposed to a “coordinator". This expertise is underpinned by several decades of experience in the sector as well as the financial strength of the ECE Group and enables us to cater to the full range of needs and requirements of our clients."
(2) Vulnerability Details:
ECE web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.
Several ECE Projects products 0Day vulnerabilities have been found by some other bug hunter researchers before. ECE Projects patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The first code programming flaw occurs atoccurs at “/suchergebnis/?" page with “&tx_solr[q]" parameter.