====================================================================
FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities
====================================================================


1. OVERVIEW

Fastpath WebChat is vulnerable to Cross Site Scripting.


2. BACKGROUND

Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration (RTC) server for instant messaging.  Fastpath provides queuing and routing for instant messaging to intelligently link people together. 


3. VULNERABILITY DESCRIPTION

Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 


4. VERSIONS AFFECTED

4.0.0 (released date: Aug 5, 2008)


5. VULNERABLE PARAMETERS

File: webapp/agentinfo.jsp	 
Parameters: agentName, emailValue, jid, nameValue, title

File: webapp/chat-ended.jsp	 	
Parameter: workgroup

File: webapp/chatmain.jsp	 
Parameters: chatID, workgroup

File: webapp/chatroom.jsp	 
Parameters: email, jid, userNickname, question

File: webapp/contact-agent.jsp	 
Parameter: email

File: webapp/email/leave-a-message.jsp	 
Parameter: workgroup	

File: webapp/email/offline-mail.jsp	 	 
Parameter: workgroup

File: webapp/queue_updater.jsp	 	 
Parameters: chatID, workgroup	 

File: webapp/style.jsp
Parameter: 	 workgroup	 

File: webapp/transcriptmain.jsp	 
Parameters: 	chatID, workgroup

File: webapp/transcriptsrc.jsp
Parameters:  from, text


6. SOLUTION

Fastpath WebChat is no longer in active development.
Ref: http://www.igniterealtime.org/projects/openfire/plugins.jsp
Ref: http://fisheye.igniterealtime.org/browse/svn-org/openfire/trunk/src/plugins/fastpath/src/web


7. VENDOR

Jive Software
http://www.jivesoftware.com/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2012-04-15: vulnerability disclosed


10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bfastpath-webchat%5D_multiple_cross_site_scripting
What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) 
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2012-04-15]