gistfile1.txt

Vulnerability Name: Reflected Cross Site Scripting in LeoStream Connection Broker
Registered: TBD

Discoverers:
Scott Goodwin

Vendor of Product:
LeoStream

Affected Product Code Base:
LeoStream Connection Broker 9.0.3 <= 9.0.34.3

Attack Type:
Remote

Vulnerability Type:
Unauthenticated Reflected Cross Site Scripting

Vulnerability Impact:
Arbitrary JavaScript Execution

Attack Vector:
By submitting JavaScript within the "user" parameter of a GET request to the /index.pl endpoint of LeoStream Connection Broker (login page), it is possible to gain arbitrary JavaScript execution within the context of a the user's browser. 

Description:
If an attacker can convince a user to click a malicious link designed to exploit the XSS vulnerability, it is possible to execute code within that users browser. If the user convinced to click the maliicous link is authenticated, it is possible to gain unauthorized access to the LeoStream application. 

PoC:
https://examplesite/index.pl?user="><script>alert("Cross%20Site%20Scripting!")</script>

Additional Information:
This vulnerability exists in end of life software, and was patched in version 9.0.34.3, which is also end of life. Customers are advised to upgraded to a supported version of LeoStream Connection Broker. 

Reporting Timeline:
07/07/2021: Vulnerability was reported to LeoStream
07/07/2021: LeoStream notes that 9.0.34.x and earlier are EOL and that this issue was fixed in 9.0.34.3
08/06/2021: Public disclosure

Reference:
https://dgccpa.com
https://leostream.com
https://www.leostream.com/resources-2/product-lifecycle/