<div dir="ltr"><div>Hi, <br></div>
<div>Not sure if this is an actual issue, so I'm posting it here first, in case someone knows better.</div>
<div>We recently ran a vulnerability assessment using Nessus against our server running Cyrus and it detected the following medium-risk XSS issue (the actual report is at the bottom of the email).<br></div>
<div><br></div>
<div>9080 is the custom port HTTPS is configured to listen on.<br></div>
<div><br></div>
<div>From what I understand, it seems that someone could craft a special request and enter script code via the headers sent, code that appears in the response and could actually be executed in case a browser is used.<br></div>
<div><br></div>
<div>The report had multiple example requests, but technically they were all the same, so I'm just attaching the first example request that confirms the issue.<br></div>
<div><br></div>
<div>Regards,</div>
<div>Savvas Karagiannidis<br></div>
<div><br></div>
<div><br></div>
<div>Here's the related part of the report:</div><div></div><div><br></div><div>
<div class="gmail-details-header">Synopsis
</div>
<div style="line-height:20px;padding:0px 0px 20px">The remote web server is affected by a cross-site scripting vulnerability.
</div>
<div class="gmail-details-header">Description
</div>
<div style="line-height:20px;padding:0px 0px 20px">The remote host is 
running a web server that fails to adequately sanitize request strings 
of malicious JavaScript. A remote attacker can exploit this issue, via a
 specially crafted request, to execute arbitrary HTML and script code in
 a user's browser within the security context of the affected site.
</div>
<div class="gmail-details-header">See Also
</div>
<div id="gmail-idp46419412842120" style="display:block" class="gmail-table-wrapper gmail-see-also">
<table cellspacing="0" cellpadding="0">
<thead><tr><th width="100%"><br></th></tr></thead>
<tbody><tr class="gmail-"><td class="gmail-#ffffff"><a href="https://en.wikipedia.org/wiki/Cross-site_scripting" target="_blank">https://en.wikipedia.org/wiki/Cross-site_scripting</a></td></tr></tbody>
</table>

</div>
<div class="gmail-details-header">Solution
</div>
<div style="line-height:20px;padding:0px 0px 20px">Contact the vendor for a patch or upgrade.
</div>
<div class="gmail-details-header">Risk Factor
</div>
<div style="line-height:20px;padding:0px 0px 20px">Medium
</div>
<div class="gmail-details-header">CVSS Base Score
</div>
<div style="line-height:20px;padding:0px 0px 20px">4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
</div>
<div class="gmail-details-header">CVSS Temporal Score
</div>
<div style="line-height:20px;padding:0px 0px 20px">3.7 (CVSS2#E:H/RL:OF/RC:C)
</div>
<div class="gmail-details-header">References
</div>
<div id="gmail-idp46419284577544" style="display:block" class="gmail-table-wrapper gmail-see-also">
<table cellspacing="0" cellpadding="0">
<thead><tr>
<th width="15%"><br></th>
<th width="85%"><br></th>
</tr></thead>
<tbody>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/5011" target="_blank">5011</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/5305" target="_blank">5305</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/7344" target="_blank">7344</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/7353" target="_blank">7353</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/8037" target="_blank">8037</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/14473" target="_blank">14473</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/17408" target="_blank">17408</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">BID</td>
<td class="gmail-#ffffff"><a href="http://www.securityfocus.com/bid/54344" target="_blank">54344</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1060" target="_blank">CVE-2002-1060</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1700" target="_blank">CVE-2002-1700</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1543" target="_blank">CVE-2003-1543</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2453" target="_blank">CVE-2005-2453</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1681" target="_blank">CVE-2006-1681</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">CVE</td>
<td class="gmail-#ffffff"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-3382" target="_blank">CVE-2012-3382</a></td>
</tr>
<tr class="gmail-">
<td class="gmail-#ffffff">XREF</td>
<td class="gmail-#ffffff"><a href="http://cwe.mitre.org/data/definitions/79" target="_blank">CWE:79</a></td>
</tr>
</tbody>
</table>

</div>
<div class="gmail-details-header">Plugin Information
</div>
<div style="line-height:20px;padding:0px 0px 20px">Published: 2001/11/30, Modified: 2018/07/06
</div>
<div class="gmail-details-header">Plugin Output
</div>
<h2>tcp/9080</h2>

<div style="box-sizing:border-box;width:100%;background:rgb(238,238,238) none repeat scroll 0% 0%;font-family:monospace;padding:20px;margin:5px 0px 20px">------------------------------ Request #1 ------------------------------<br>
<br>
The full request used to detect this flaw was :<br>
<br>
GET /cgi-bin/llknxx7s.html HTTP/1.1<br>
Host: <script>alert(Host)</script>:9080<br>
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1<br>
Accept-Language: en<br>
Connection: Close<br>
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)<br>
Pragma: no-cache<br>
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*<br>
<br>
<br>
<br>
The output was :<br>
<br>
HTTP/1.1 404 Not Found<br>
Date: Thu, 23 Jan 2020 18:13:22 GMT<br>
Connection: close, Upgrade<br>
Upgrade: <br>
Vary: Accept-Encoding<br>
Content-Type: text/html; charset=utf-8<br>
Content-Length: 437<br>
<br>
<br>
[...] Jansson/2.9 Server at <script>alert(Host)</script> Port 9080</address></ [...]<br>
</div>

</div></div>
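<p>The finding above boils down to one thing: the 404 page's <code>&lt;address&gt;</code> footer echoes the request's <code>Host</code> header into HTML without validating or escaping it. The following Python is an added example written for this thread, not Cyrus code and not the scanner's plugin: it models that footer in a vulnerable and a hardened form, and includes a small check that tells an escaped reflection apart from the raw one shown in the plugin output. The sample request and response strings are constructed from the values quoted in the report; the server banner <code>ExampleServer/0.0</code> and the function names are assumptions.</p>

```python
import html
import re

# Constructed from the scanner output quoted in the post (not captured live here).
SENT_HOST = "<script>alert(Host)</script>:9080"
REFLECTED_BODY = (
    "[...] Jansson/2.9 Server at <script>alert(Host)</script> Port 9080</address></ [...]"
)

# Host header grammar (assumption: RFC 3986 reg-name or bracketed IPv6 literal,
# optional port). Anything outside this character set is rejected outright,
# so angle brackets, quotes and spaces never reach the response.
_HOST_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9.\-]+|\[[0-9A-Fa-f:.]+\])(?::(?P<port>\d{1,5}))?$"
)


def parse_host_header(value):
    """Return (host, port_or_None) if the header is syntactically valid, else None."""
    m = _HOST_RE.match(value.strip())
    if not m:
        return None
    port = int(m.group("port")) if m.group("port") else None
    if port is not None and not 1 <= port <= 65535:
        return None
    return m.group("host"), port


def build_not_found_page(host_header, listen_port, safe=True,
                         canonical_name=None, server="ExampleServer/0.0"):
    """Build the <address> footer of an error page.

    safe=False models the behaviour the scanner flagged: the Host value (minus
    its port suffix, as in the observed output) is pasted into HTML verbatim.
    safe=True validates the header, prefers a configured canonical name over
    whatever the client sent, and HTML-escapes the result as defence in depth.
    """
    if not safe:
        shown = host_header.rsplit(":", 1)[0] if ":" in host_header else host_header
    elif canonical_name is not None:
        shown = html.escape(canonical_name, quote=True)
    else:
        parsed = parse_host_header(host_header)
        shown = html.escape(parsed[0], quote=True) if parsed else "unknown-host"
    return f"<address>{server} Server at {shown} Port {listen_port}</address>"


def reflects_unescaped(body, sent_host):
    """Detection check for a scan result: True when a Host value that carries
    HTML markup appears verbatim in the response body. An escaped copy
    (&lt;script&gt;) or no copy at all returns False."""
    host_part = sent_host.rsplit(":", 1)[0]
    has_markup = any(ch in host_part for ch in '<>"')
    return has_markup and host_part in body


if __name__ == "__main__":
    print("scanner sample reflected unescaped:",
          reflects_unescaped(REFLECTED_BODY, SENT_HOST))
    print("vulnerable footer:", build_not_found_page(SENT_HOST, 9080, safe=False))
    print("hardened footer:  ", build_not_found_page(SENT_HOST, 9080))
```

<p>Run stand-alone it reports the quoted response as an unescaped reflection, shows the vulnerable footer reproducing it, and shows the hardened footer falling back to a neutral name because the header fails validation. Validation before escaping is the important ordering: a <code>Host</code> value containing <code>&lt;</code> is not a hostname at all, so rejecting it (or answering with a configured canonical name) removes the reflected data entirely, and escaping then only guards against a later mistake in the grammar.</p>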