I. VULNERABILITY
-------------------------
Reflected XSS vulnerabilities in Transform Foundation server 4.3.1 and 5.2 from Bottomline Technologies

II. BACKGROUND
-------------------------
Bottomline offers powerful, next-generation electronic document solutions for formatting, personalizing and delivering ERP and business application output.

III. DESCRIPTION
-------------------------
Several reflected XSS vulnerabilities have been detected in Transform Foundation server 4.3.1 and 5.2.

1. XSS on GET parameters:

http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn="XSS CODE"
http://XXXXXXXXXXXXX/"XSS CODE"server-status.cgi

2. XSS on POST parameters:

URL: XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp
PARAMETERS:
db="XSS CODE"
referer="XSS CODE"

IV. PROOF OF CONCEPT
-------------------------
GET: The application does not validate the parameter "pn" correctly.

http://XXXXXXXXX/TransformContentCenter/index.fsp/document.pdf?pn=

http://XXXXXXXXXXXXX/server-status.cgi

POST: The application does not validate the parameters "db" and "referer" correctly.

XXXXXXXXX/TransformContentCenter/index.fsp/index.fsp
db= and referer=
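Added detection example (not part of the advisory): a log scanner that flags requests to the two GET-side surfaces named above, HTML metacharacters in the "pn" parameter of index.fsp/document.pdf and metacharacters placed directly in the request path in front of server-status.cgi. The log lines are constructed for illustration; POST bodies (the "db" and "referer" case) do not appear in standard access logs, so this only covers the GET vectors.

```python
"""Flag access-log requests that touch the reflected-XSS surface described
in the advisory. Sample log lines below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of an HTML or attribute context.
META_RE = re.compile(r'[<>"\']')
# Parameters the advisory names as reflected without validation.
WATCHED_PARAMS = {"pn", "db", "referer"}

# Constructed sample entries: one benign request, one probe of "pn",
# one probe of the path in front of server-status.cgi.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jan/2000:00:00:01 +0000] "GET /TransformContentCenter/'
    'index.fsp/document.pdf?pn=invoice_42 HTTP/1.1" 200 5120',
    '203.0.113.10 - - [01/Jan/2000:00:00:02 +0000] "GET /TransformContentCenter/'
    'index.fsp/document.pdf?pn=%22%3E%3Cb%3Eprobe%3C/b%3E HTTP/1.1" 200 612',
    '203.0.113.10 - - [01/Jan/2000:00:00:03 +0000] "GET /%3Cb%3Eprobe%3C/b%3E'
    'server-status.cgi HTTP/1.1" 404 210',
]


def suspicious_reflection(log_line: str) -> list[str]:
    """Return the reasons a request looks like reflected-XSS probing, or []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    path = unquote(parts.path)  # decode %3C, %22, ... so encoded probes match too
    reasons = []
    if "/TransformContentCenter/" in path or "server-status.cgi" in path:
        if META_RE.search(path):
            reasons.append("html-metachar-in-path")
        # parse_qs percent-decodes values for us
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name in WATCHED_PARAMS and any(META_RE.search(v) for v in values):
                reasons.append(f"html-metachar-in-{name}")
    return reasons


def scan(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Run the check over a log and return (line index, reasons) for hits only."""
    return [(i, r) for i, line in enumerate(lines) if (r := suspicious_reflection(line))]


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_LOG):
        print(f"line {idx}: {', '.join(why)}")
```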