imge
Login to Securin

Securin Zero-Days

CVE-2024-47095 – Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

Severity:Medium

Vendor

Follett School Solutions

Affected Product

Destiny Library Manager

CVE

CVE-2024-47095

Securin ID

-

Status

Fixed

Date

September 26, 2024

Description

Versions of Follett School Solutions Destiny Library manager before v22.0.1 AU1 are affected by a reflected cross-site scripting vulnerability. Due to this vulnerability, if the application is accessed through an attacker-controlled link, the attacker can display arbitrary (potentially hostile and dangerous) content in the context of the otherwise legitimate website.

Proof of Concept (POC):

We tested the following vulnerability on a deployment of Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

1. Navigate the application normally to identify the site ID of any valid site within the target deployment. For many deployments the main landing page of the application will consist of links to particular site IDs. As these values are expected to be small integers it is also possible to identify a valid site ID via brute force if necessary.

2. Construct a URL of the form https://affected.domain/common/servlet/handleloginform.do?expiredSupportMessage=%3Cimg%20src=x%20onerror=alert()%3E&showSupportExpiredMessage=true&site=1234 where “affected.domain” is replaced with the domain of the deployment and “1234” is replaced with a valid site ID for that deployment.

Figure 1: Observing arbitrary JavaScript execution as a consequence of accessing the application through a crafted URL.

Impact

If a user accesses the vulnerable application through an attacker controlled link, the attacker can arbitrarily modify the contents of the site as displayed to the victim user. This can be abused to achieve a form of vandalism, to spread misinformation, and to steal any passwords users may submit to the site.

Remediations

Encode special characters prior to reflecting them in an HTML or JavaScript context via server-side templating.

Timeline

May 21, 2024: Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

July 01, 2024: Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

July 08, 2024: Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

July 29, 2024: Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

August 16, 2024: Follett releases an official fix for the vulnerability.

Let Securin level up your security posture!

START NOW