lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 14 Nov 2019 22:26:11 +0300
From: okan coskun <okancoskun2@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Raritan CommandCenter Secure Gateway XSS Vulnerability on < 8.0

I. VULNERABILITY
-------------------------
XSS Vulnerability on Raritan CommandCenter Secure Gateway

II. CVE REFERENCE
-------------------------
-

III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway

IV. TIMELINE
-------------------------
30/01/2019 Vulnerability discovered
30/01/2019 Vendor contacted
27/02/2019 Raritan replied as "this fix is scheduled for release version 8.0"
06/05/2019 Version 8.0 is released

V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Alp Hısım from Biznet Bilisim A.S.

VI. DESCRIPTION
-------------------------
Prior versions of Raritan CommandCenter Secure Gateway 8.0 affected
from XSS vulnerability. A remote attacker could steal victims cookie
or redirect victim to malicious site.

VII. PROOF OF CONCEPT
-------------------------
Affected Component:
Path(inurl): /access/MacroFileUploadServlet
Affected parameter: macroFile

MacroFileUpload of Raritan CC-SG affected from XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists