“The Next Generation Open Source Assessment Solution – Say goodbye to technical complexity and yet another IT project. Say hello to an all-in-one assessment solution. Easily tap into the power of open source, single sign-on and LTI. Open source means open possibilities so you can benefit from the ideas of the expert assessment community.”
The vendor did not respond to our communication attempts, hence no patch is available.
Update 2020-04-08: The vendor responded that a newer version which fixes the security issues is available through GitHub and should be installed immediately. Enterprise edition users are not affected, as they are already on newer versions.
An in-depth security analysis performed by security professionals is highly advised, as the software may be affected by further security issues.
Vulnerability Overview / Description
Multiple XSS vulnerabilities
Proof Of Concept
1) XSS via the URL in form action attributes
The request URL is reflected unescaped into the action attribute of the form on the following endpoints. If a victim opens a crafted link to one of them and enters their credentials, the injected script runs in the page; in the proof of concept it shows the entered password in an alert:
- /taoBackOffice/Lists/index/ (GET)
- /taoItems/Items/editItem/ (POST)
- /taoResultServer/ResultServerMgt/editResultServer/ (POST)
- /taoTests/Tests/editTest/ (POST)
- /taoTestTaker/TestTaker/editSubject/ (POST)
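The pattern behind finding 1, as an added example that is not from this advisory and not TAO's own code: a template that concatenates the request URI into a form's action attribute, the same template with attribute-context output encoding, and a small parser-based check that reports whether a canary placed in the request path escaped the attribute. The render functions, PAYLOAD and FORM_BODY are stand-ins constructed for illustration, and the check runs offline against rendered strings rather than against a live instance; the endpoint paths are the ones listed above, used only as sample input.

```python
import html
from html.parser import HTMLParser

# Illustrative payload, constructed from the PoC description: it closes the
# action attribute and the <form> start tag, then injects script that reads
# the password field (here via alert()). Hypothetical, not the advisory's.
PAYLOAD = '"><script>alert(document.forms[0].password.value)</script>'

# Endpoints named in the advisory, used here only as sample request paths.
ENDPOINTS = [
    "/taoBackOffice/Lists/index/",
    "/taoItems/Items/editItem/",
    "/taoResultServer/ResultServerMgt/editResultServer/",
    "/taoTests/Tests/editTest/",
    "/taoTestTaker/TestTaker/editSubject/",
]

# Stand-in form body; the field names are assumptions for the example.
FORM_BODY = ('<input name="login"><input name="password" type="password">'
             '<input type="submit" value="Log in"></form>')


def render_login_vulnerable(request_uri: str) -> str:
    """Weak pattern: the request URI, as it reaches the template (already
    URL-decoded), is concatenated straight into the action attribute."""
    return f'<form method="post" action="{request_uri}">' + FORM_BODY


def render_login_hardened(request_uri: str) -> str:
    """Same template with attribute-context output encoding. quote=True is
    essential: without it a double quote still terminates the attribute."""
    return (f'<form method="post" action="{html.escape(request_uri, quote=True)}">'
            + FORM_BODY)


class _FormScanner(HTMLParser):
    """Collects form action values and notes whether any <script> element
    was parsed, i.e. whether injected markup escaped the attribute context."""

    def __init__(self):
        super().__init__()
        self.actions = []
        self.script_seen = False

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.extend(v or "" for k, v in attrs if k == "action")
        elif tag == "script":
            self.script_seen = True


def form_actions(page: str) -> list:
    """Attribute values as the browser's parser would see them."""
    scanner = _FormScanner()
    scanner.feed(page)
    return scanner.actions


def injected_script_present(page: str) -> bool:
    """True when the canary produced a real <script> element."""
    scanner = _FormScanner()
    scanner.feed(page)
    return scanner.script_seen


def assess(render, request_path: str) -> dict:
    """Render the page for a request whose path carries the payload and report
    whether the markup broke out. Replacing `render` with a function that
    fetches the real page turns this into a live check (not done here)."""
    page = render(request_path + PAYLOAD)
    return {
        "path": request_path,
        "breakout": injected_script_present(page),
        "actions": form_actions(page),
    }


if __name__ == "__main__":
    for path in ENDPOINTS:
        for name, render in (("vulnerable", render_login_vulnerable),
                             ("hardened", render_login_hardened)):
            result = assess(render, path)
            print(f"{name:10} {path:52} breakout={result['breakout']}")
```

Encoding for the attribute context stops the breakout, and because a request path always starts with "/" no `javascript:` scheme can be smuggled in this way; the more robust fix is still to derive the action from the server-side route rather than echo whatever the client sent, with a Content Security Policy as defence in depth.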
2) XSS in error page
The internal error page also lacks input validation and output encoding. The following URL produces a page that opens a message box showing the current location, without any filtering:
Vulnerable / Tested Versions
The following version has been tested, which was the most recent one at the time of the test:
- 3.3.0 RC2