HP Intelligent Management Center 5.1 E0202 Cross Site Scripting

2013.03.05
Credit: Inshell
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Inshell Security Advisory http://www.inshell.net 1. ADVISORY INFORMATION ----------------------- Product: HP Intelligent Management Center Vendor URL: www.hp.com Type: Cross-Site Scripting [CWE-79] Date found: 2012-06-08 Date published: 2013-03-04 CVSSv2 Score: CWE-79: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N) CVE: - 2. CREDITS ---------- This vulnerability was discovered and researched by Julien Ahrens from Inshell Security. 3. VERSIONS AFFECTED -------------------- HP Intelligent Management Center v5.1 E0202, older versions may be affected too. 4. VULNERABILITY DESCRIPTION ---------------------------- An Non-Persistent Cross-Site Scripting vulnerability has been identified in HP Intelligent Management Center v5.1 E0202. Vulnerable module (all parameters): +/imc/topo/topoContent.jsf An attacker could temporarily inject arbitrary code with authenticated user interaction into the context of the admin - interface. Successful exploitation of the vulnerability allows for example cookie theft, session hijacking or client side context manipulation. 5. PROOF-OF-CONCEPT (Code / Exploit) ------------------------------------ http://localhost:8080/imc/topo/topoContent.jsf?opentopo_symbolid="><img src="http://security.inshell.net/img/logo.png" onload=alert('XSS');>&opentopo_loader=null&opentopo_level1nodeid=3&topoorientation_parentsymbolid=null&topoorientation_devsymbolid=null&topoorientation_level1nodeid=null&topoorientation_loader=null&checknode=null&ywkeys=isvlan&ywvalues=1&uselefttree=null&usetabpane=null&HandleMode=null&toponamelist=null For additional screenshots and/or PoCs visit: http://security.inshell.net/advisory/32 6. SOLUTION ----------- Update to latest version v5.2 E401 7. REPORT TIMELINE ------------------ 2012-06-08: Discovery of the vulnerability 2012-06-08: Vendor assigns security tracking identifier "SSRT100881" 2012-06-16: Vendor evaluates the problem report 2012-06-29: Public disclosure date reached, contacting vendor 2012-06-29: Vendor responds with "not even close to being ready" 2012-07-01: Asking for an appropriate timeframe 2012-07-08: Vendor statement: No timeframe available yet 2012-08-01: Request for status update 2012-08-06: Vendor is not able to reproduce the problem 2012-08-06: Providing additional PoC-Code 2012-10-04: Vendor provides new build for testing 2012-10-16: Confirmation that the issue is fixed 2012-11-09: Request for status update 2012-11-16: Vendor gives update on release timeframe 2013-02-19: Vendor releases v5.2 E401 which fixes the problem 2013-03-04: Coordinated Disclosure 8. REFERENCES ------------- http://security.inshell.net/advisory/32

References:

http://security.inshell.net/advisory/32


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top