LaSuite Doc Stored Cross-Site Scripting Vulnerability in Interlinking Feature

Vulnerability

A stored cross-site scripting vulnerability has been identified in the Interlinking feature of LaSuite Doc versions 3.8.0 and later, prior to 4.3.0. The vulnerability arises because the URL of links created in the document editor is not properly validated. This allows an attacker with document editing privileges to inject a malicious 'javascript:' URL that executes arbitrary code when clicked by other users. Furthermore, this vulnerability can be exploited to create a self-propagating worm, spreading the injected script to all documents the victim can edit.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user who clicks the link. Additionally, the vulnerability enables a self-spreading worm that propagates through shared documents.

Reproduction

To reproduce this vulnerability, a user with document editing privileges can create a link in the Interlinking feature by injecting a 'javascript:' URL. Once the link is saved and clicked by another user, the injected script will execute, demonstrating the cross-site scripting vulnerability. The self-propagating worm can be observed by clicking the malicious link, which will then spread the injected script to all documents the victim can edit.

Remediation

Users can update to LaSuite Doc version 4.4.0 or later, where this vulnerability has been fixed.
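
The missing check described under Vulnerability, sketched as an added example: this is not LaSuite Doc's code or its actual fix. It validates a link target against a scheme allowlist and scans an already-stored document for links that fail it. The names `ALLOWED_SCHEMES`, `BASE`, `safeLinkHref`, `findUnsafeLinks` and the `SAMPLE_DOC` block layout are hypothetical and constructed for illustration.

```javascript
// Added example, not project code. All names and the document shape are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://docs.example.test/"; // constructed origin used to resolve relative links

// Returns a normalised absolute URL if the scheme is allowlisted, otherwise null.
function safeLinkHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG parser applies the same normalisation a browser does: it drops
    // tab/CR/LF, trims leading control characters and spaces, and lowercases the
    // scheme. Checking the parsed protocol therefore catches " JaVa\tScript:"
    // variants that a naive startsWith("javascript:") test would miss.
    url = new URL(raw, BASE);
  } catch (_err) {
    return null; // unparseable input is rejected, never passed through
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;
  return url.href; // store/render the parsed form, not the raw string
}

// Walks a document tree and reports every stored "href" that fails the check,
// so links saved before an upgrade can be found and cleaned up.
function findUnsafeLinks(node, path = "root", out = []) {
  if (Array.isArray(node)) {
    node.forEach((child, i) => findUnsafeLinks(child, `${path}[${i}]`, out));
  } else if (node && typeof node === "object") {
    for (const [key, value] of Object.entries(node)) {
      if (key === "href") {
        if (safeLinkHref(value) === null) out.push({ path, href: value });
      } else {
        findUnsafeLinks(value, `${path}.${key}`, out);
      }
    }
  }
  return out;
}

// Constructed sample document: one absolute link, one disguised script URL
// (harmless void(0) body), one relative interlink.
const SAMPLE_DOC = {
  blocks: [
    { type: "paragraph", content: [{ type: "link", href: "https://example.test/a" }] },
    { type: "paragraph", content: [{ type: "link", href: " JaVa\tScript:void(0)" }] },
    { type: "paragraph", content: [{ type: "link", href: "/docs/1234/" }] },
  ],
};

console.log(findUnsafeLinks(SAMPLE_DOC));
```

The check belongs on the server side when the link is saved as well as in the client when it is rendered, since a stored value can bypass editor-side validation.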

Added: Jan 15, 2026, 5:22 PM
Updated: Jan 15, 2026, 5:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.7
exploitability: 6.0
remediation: 0.0
relevance: 2.0
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.