#############################################################
#
# COMPASS SECURITY ADVISORY
# https://www.compass-security.com/research/advisories/
#
#############################################################
#
# Product:  Universal Automation Center (UAC) [1]
# Vendor:   Stonebranch
# CSNC ID:  CSNC-2019-006
# Subject:  Self Cross-Site Scripting through Cross-Site Request Forgery
# Risk:     Medium
# Effect:   Remotely exploitable
# Author:   MF & fxai (advisories@compass-security.com)
# Date:     21.05.2019
#
#############################################################

Introduction:
-------------
Universal Automation Center (UAC) is a system of four dynamic IT automation
products allowing you to automate your 21st century business processing,
securely manage file transfers or extend a legacy scheduling solution
throughout the enterprise.

Affected:
---------
The following UAC versions are vulnerable:
6.6.0.0 build 268 and possibly earlier versions.

Technical Description:
----------------------
The UAC Web User Interface is vulnerable to a self XSS which can be
triggered through a CSRF attack. The vulnerability lies in the file upload
function, which does not contain any CSRF token. In addition, the
"selectedEncoding" field of that request is reflected back in an error
message without proper encoding, so a value submitted via a forged
cross-site request ends up in the victim's page unescaped.

Workaround / Fix:
-----------------
Escape all user input before reflecting it in a response.
Use CSRF tokens to prevent CSRF attacks.

Timeline:
---------
2019-05-17: Vulnerability discovered
2019-05-20: Initial vendor notification
2019-05-21: Initial vendor response
2019-06-17: Patched version UC 6.6.0.1 released
2019-07-25: Public disclosure

References:
-----------
[1]: https://www.stonebranch.com/products/universal-automation-center/
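The two measures named under "Workaround / Fix" above, shown side by side on a minimal upload handler. This is an added illustration written for this page, not Stonebranch's code or the UAC implementation; the handler, its form field names (other than "selectedEncoding", which the advisory names), the session dictionary and the list of supported encodings are all constructed for the example. The vulnerable variant reproduces the pattern the advisory describes (no token check, field reflected verbatim); the hardened variant binds a random token to the server-side session, checks it in constant time, and HTML-escapes the field at the point where it is reflected.

```python
"""Added example: CSRF token check plus output encoding on an upload handler.

Not the product's code. Session and form are plain dicts standing in for
whatever the real web framework provides.
"""
import html
import hmac
import secrets

# Constructed example values; the real product's list is not on the page.
SUPPORTED_ENCODINGS = {"UTF-8", "ISO-8859-1"}


def issue_csrf_token(session: dict) -> str:
    """Bind a fresh random token to the user's server-side session and return
    it so the upload form can embed it in a hidden field."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def vulnerable_upload(session: dict, form: dict) -> tuple:
    """The pattern the advisory describes: no CSRF token is required, and the
    submitted 'selectedEncoding' value is copied verbatim into the error
    message, so a forged request can plant markup in the victim's page."""
    enc = form.get("selectedEncoding", "")
    if enc not in SUPPORTED_ENCODINGS:
        return 400, f"<p>Unsupported encoding: {enc}</p>"
    return 200, "<p>Upload accepted</p>"


def _token_matches(expected: str, supplied: str) -> bool:
    """Constant-time comparison; encode to bytes so non-ASCII input from the
    form cannot raise TypeError in compare_digest."""
    return hmac.compare_digest(expected.encode("utf-8"), supplied.encode("utf-8"))


def hardened_upload(session: dict, form: dict) -> tuple:
    """Same handler with both fixes applied.

    1. The request must carry the token bound to this session; a cross-site
       form post cannot read it, so forged uploads are rejected before any
       processing.
    2. Anything reflected into the response is HTML-escaped at the output
       point, so even a bad value renders as text rather than markup.
    """
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not _token_matches(expected, supplied):
        return 403, "<p>Request rejected: missing or invalid CSRF token</p>"

    enc = form.get("selectedEncoding", "")
    if enc not in SUPPORTED_ENCODINGS:
        safe = html.escape(enc, quote=True)
        return 400, f"<p>Unsupported encoding: {safe}</p>"
    return 200, "<p>Upload accepted</p>"


if __name__ == "__main__":
    # Constructed walk-through: a legitimate form post versus a forged one.
    session = {}
    token = issue_csrf_token(session)
    print(hardened_upload(session, {"selectedEncoding": "UTF-8"}))          # forged: no token -> 403
    print(hardened_upload(session, {"csrf_token": token,
                                    "selectedEncoding": "<b>x</b>"}))       # bad value, escaped -> 400
    print(vulnerable_upload(session, {"selectedEncoding": "<b>x</b>"}))     # reflected verbatim
```

Two points worth noting: the token is validated before the request body is interpreted at all, so the CSRF check alone would already stop the forged-request trigger described above, and the escaping is done where the value is written into HTML rather than on input, which is what keeps the error message safe regardless of how the value reached the handler.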