TS3 Manager Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in TS3 Manager versions through 2.2.1. The issue arises in the login page's error handling, where scripts embedded in the server hostname are reflected without proper sanitization and executed in the victim's browser. This vulnerability allows for the execution of arbitrary JavaScript, potentially leading to session token or cookie theft, phishing attacks, or unauthorized actions performed as the victim.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute arbitrary JavaScript in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, submit a hostname containing malicious JavaScript into the Server field of the login page. The application will attempt to resolve the hostname. If the input is malformed, the error handling mechanism will return an unsanitized error message that includes the original payload. This message is rendered directly into the DOM, where the browser executes the embedded scripts.
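
The reflection described above, next to a hardened form, as an added example that is not TS3 Manager's code. The function names, the error text and the sample input are constructed for illustration; the hostname check covers DNS names only and is an assumption about what the Server field should accept.

```javascript
// Added example: names and error text are constructed, not taken from TS3 Manager.

// Hostname labels per RFC 1123: letters, digits, hyphens; 1-63 chars each.
// Assumption: DNS names only; IPv6 literals would need a separate check.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isValidHostname(input) {
  if (typeof input !== "string" || input.length === 0 || input.length > 253) return false;
  return input.split(".").every((label) => LABEL.test(label));
}

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Stand-in for the failed lookup: the error text echoes the submitted value.
function resolveError(host) {
  return `Could not resolve host: ${host}`;
}

// Pattern described in the advisory: error text placed into markup as-is.
function renderErrorUnsafe(message) {
  return `<div class="error">${message}</div>`;
}

// Hardened: the message is encoded, so the browser treats it as text.
function renderErrorSafe(message) {
  return `<div class="error">${escapeHtml(message)}</div>`;
}

// Malformed input gets a fixed message that never contains the input;
// a well-formed name that fails to resolve still gets encoded output.
function handleLogin(serverField) {
  if (!isValidHostname(serverField)) {
    return renderErrorSafe("Invalid server address.");
  }
  return renderErrorSafe(resolveError(serverField));
}

const sample = "<b>marker</b>.example"; // constructed, harmless markup
console.log(renderErrorUnsafe(resolveError(sample))); // markup survives intact
console.log(renderErrorSafe(resolveError(sample)));   // markup is encoded
console.log(handleLogin(sample));                     // input is not echoed
```

In client-side code, assigning the message to `textContent` instead of `innerHTML` has the same effect as the encoding step.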

Remediation

Users are advised to upgrade to TS3 Manager version 2.2.2 or later.

Added: Oct 1, 2025, 11:17 PM
Updated: Oct 1, 2025, 11:17 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.5
exploitability: 7.4
remediation: 7.7
relevance: 0.6
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.