GPG - 2048R/6D378CAF

~ Latest post

CVE-2015-5460 – Snorby – 2.6.2 - Stored Cross-site Scripting


Snorby is a new and modern Snort IDS front-end. The basic fundamental concepts behind snorby are simplicity and power. The project goal is to create a free, open source and highly competitive application for network monitoring for both private and enterprise use.


During my research and testing of new IDS (Intrusion Detection System) like Suricata I’ve found a Stored Cross-site Scripting (XSS) vulnerability in Snorby that I want to use as web user interface for suricata. The vulnerability exists in the module for adding a new threat classification model where the user input is not correctly sanitized before being saved it on the database or for example the output is not properly filtered, before its rendering in the event/menu code, in this way the vector gets executed.


CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

The XSS vector is triggered in the snorby/app/views/events/_menu.html.erb page by the event/menu:

<% @classifications.each do |cls| %>
    <% if cls.locked && cls.hotkey %>
        <%= drop_down_item "#{}<span class='shortcut'>#{cls.shortcut}</span>", '#', nil, { :class => 'classification', :"data-classification-id" => } %>
    <% else %>
        <%= drop_down_item "#{}", '#', nil, { :class => 'classification', :"data-classification-id" => } %>
    <% end %>
<% end %>


Posts Archive