Securin Zero-Days

CVE-2024-47095 – Reflected Cross-Site Scripting in Follett School Solutions Destiny Library Manager

Severity: Medium

Vendor: Follett School Solutions

Affected Product: Destiny Library Manager

CVE: CVE-2024-47095

Securin ID: -

Status: Fixed

Date: September 26, 2024

Description

Versions of Follett School Solutions Destiny Library Manager before v22.0.1 AU1 are affected by a reflected cross-site scripting vulnerability. If the application is accessed through an attacker-controlled link, the attacker can display arbitrary (potentially hostile and dangerous) content in the context of the otherwise legitimate website.

Proof of Concept (POC):

We tested this vulnerability on a deployment of Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

1. Navigate the application normally to identify the site ID of any valid site within the target deployment. For many deployments the main landing page of the application will consist of links to particular site IDs. As these values are expected to be small integers it is also possible to identify a valid site ID via brute force if necessary.

2. Construct a URL of the form https://affected.domain/common/servlet/handleloginform.do?expiredSupportMessage=%3Cimg%20src=x%20onerror=alert()%3E&showSupportExpiredMessage=true&site=1234 where “affected.domain” is replaced with the domain of the deployment and “1234” is replaced with a valid site ID for that deployment.

Figure 1: Observing arbitrary JavaScript execution as a consequence of accessing the application through a crafted URL.

Impact

If a user accesses the vulnerable application through an attacker-controlled link, the attacker can arbitrarily modify the contents of the site as displayed to the victim user. This can be abused to achieve a form of vandalism, to spread misinformation, and to steal any passwords users may submit to the site.

Remediations

Encode special characters prior to reflecting them in an HTML or JavaScript context via server-side templating.
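The following is an added illustration of that remediation, not code from Follett or from the advisory: it assumes a hypothetical page that reflects the `expiredSupportMessage` request parameter into a `<div>` (and, in a second variant, into a `<script>` block), and it reuses the decoded parameter value from the crafted URL above as the constructed input. A small parser-based check shows which start tags the browser would actually see in each rendering, so the effect of context-appropriate encoding is verifiable rather than assumed.

```python
import html
import json
from html.parser import HTMLParser

# Constructed sample input: the URL-decoded value of the expiredSupportMessage
# parameter from the advisory's crafted URL, as the servlet would receive it.
PAYLOAD = '<img src=x onerror=alert()>'


def render_vulnerable(message: str) -> str:
    """Vulnerable pattern (assumed for illustration): the request parameter is
    concatenated straight into the HTML response without encoding."""
    return f'<div class="support-expired">{message}</div>'


def render_html_safe(message: str) -> str:
    """Hardened pattern for an HTML element-content or attribute-value context:
    HTML-encode '<', '>', '&' and both quote characters before reflecting."""
    safe = html.escape(message, quote=True)
    return f'<div class="support-expired">{safe}</div>'


def render_js_safe(message: str) -> str:
    """Hardened pattern for a JavaScript context: serialize the value as a JSON
    string literal, then additionally escape '<' and '>' so a '</script>' in the
    input cannot terminate the script block it is embedded in."""
    literal = json.dumps(message)
    literal = literal.replace('<', '\\u003c').replace('>', '\\u003e')
    return f'<script>var supportMessage = {literal};</script>'


class _TagCollector(HTMLParser):
    """Records the start tags the HTML parser recognises in a rendered page."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def start_tags(rendered: str) -> list[str]:
    """Return the list of start tags a browser-like parser would see.
    An injected <img> showing up here means the reflection was not encoded."""
    collector = _TagCollector()
    collector.feed(rendered)
    collector.close()
    return collector.tags


if __name__ == "__main__":
    for name, renderer in (("vulnerable", render_vulnerable),
                           ("html-encoded", render_html_safe),
                           ("js-encoded", render_js_safe)):
        page = renderer(PAYLOAD)
        print(f"{name:13s} tags={start_tags(page)}  output={page}")
```

Running the block prints the tag list for each variant: the unencoded rendering exposes an `img` element with its event handler, while both encoded renderings leave only the container element the template intended. The same rule applies regardless of framework: pick the encoder for the context the value lands in (HTML body, attribute, JavaScript string), and apply it at output time rather than relying on input filtering.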

Timeline

May 21, 2024: Securin discovers the vulnerability in Follett School Solutions Destiny Library Manager version 21.2.0 RC2.

July 01, 2024: Securin reports the vulnerability to Follett School Solutions. Follett acknowledges they have received the report and states that they will investigate the issue.

July 08, 2024: Follett acknowledges the issue and reports they are working on establishing timing for releasing an official fix.

July 29, 2024: Follett shares that the official fix will be included in an update to the Destiny software on August 16, 2024.

August 16, 2024: Follett releases an official fix for the vulnerability.
