Zenoss Monitoring System 4.2.5-2108 Cross Site Scripting

2014.07.27
Credit: Dolev
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system
# Date: 12/05/2014
# Exploit author: Dolev Farhi dolev(at)openflare.org
# Vendor homepage: http://zenoss.com
# Software Link: http://www.zenoss.com
# Version: Core 4.2.5-2108 64bit
# Tested on: Kali Linux
# Vendor alerted: 12/05/2014
# CVE-2014-3738

Software details:
==================
Zenoss (Zenoss Core) is a free and open-source application, server, and network management platform based on the Zope application server. Released under the GNU General Public License (GPL) version 2, Zenoss Core provides a web interface that allows system administrators to monitor availability, inventory/configuration, performance, and events.

Vulnerability details:

Stored XSS Vulnerability
========================
A persistent XSS vulnerability was found in Zenoss Core. When a malicious host is created with the Title <script>alert("Xss")</script>, any user browsing to the relevant manufacturers page gets the client-side script executed immediately.

Proof of Concept:

1. Create a device with the Title <script>alert("XSS")</script>
2. Navigate to the Infrastructure -> Manufacturers page.
3. Pick the name of the manufacturer of the device, e.g. Intel
4. Select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
5. The XSS executes.

<tr class="even">
  <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("Dolev")</script></a></td>
  <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
</tr>
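The row above shows the stored device Title written into the page without output encoding. The following is an added example, not part of the advisory and not Zenoss code: a simplified model of that row rendered verbatim and with HTML escaping, plus a parser-based check usable as a regression test. The function names and the row template are hypothetical; the sample values are taken from the advisory text.

```python
from html import escape
from html.parser import HTMLParser

# Sample values modelled on the row shown in the advisory (constructed input).
DEVICE_URL = "/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail"
PRODUCT = "GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz"
TITLE = '<script>alert("XSS")</script>'

# Hypothetical template standing in for the manufacturers-page table row.
ROW = ('<tr class="even"><td class="tablevalues"><a href="{url}">{title}</a></td>'
       '<td class="tablevalues">{product}</td></tr>')


def render_row_unsafe(url, title, product):
    """Reproduces the flaw: stored values are interpolated into markup verbatim."""
    return ROW.format(url=url, title=title, product=product)


def render_row_safe(url, title, product):
    """Same row with every stored value HTML-escaped at output time."""
    return ROW.format(url=escape(url, quote=True),
                      title=escape(title, quote=True),
                      product=escape(product, quote=True))


class _TagCollector(HTMLParser):
    """Records the element names and text an HTML parser sees in the markup."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_data(self, data):
        self.text.append(data)


def parse_row(markup):
    """Return (element names, concatenated text) for a rendered row."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)
```

In the escaped row the Title survives only as visible text, so the parser sees the four expected elements and no script element.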

