Reflected Cross-Site Scripting vulnerability in asdoc generated documentation
A reflected Cross-Site scripting vulnerability was found in Apache Flex's asdoc generated API documentation. This issue allows attackers to perform a wide variety of actions, such as stealing victims' session tokens or login credentials if available, performing arbitrary actions on their behalf but also performing arbitrary redirects to potential malicious websites.
Apache Flex reports that all versions of Apache Flex before 4.14.1 are affected by this vulnerability.
CVE-2015-1773 Apache Flex reflected XSS vulnerability
APSB15-08 - Security vulnerability in output of Adobe Flex ASdoc Tool
Users should upgrade their version of Apache Flex and regenerate their current documentation generated with asdoc. Please note that any local modification to the asdoc index.html will need to be saved as they are not reapplied by asdoc on the newly generated documentation.
This vulnerability can be exploited using the two URL parameters that specify the content of the frames on the page. Tricking a victim into visiting a specially crafted URL allows attackers to run arbitrary client-side scripting code within the victims browser. The attacker-supplied code can perform a wide variety of actions, such as stealing a victims session token or login credentials if the documentation is served from a location which requires authorization. Also attackers can perform arbitrary actions and redirects on behalf of the user.
The following proof of concept demonstrates this issue:
This issue has been found on several domains including flex.apache.org, googlecode.com projects, for example: