Pandora FMS 5.1SP1 Cross Site Scripting

2014-11-15 / 2015-04-19
Credit: William Costa
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisio?n PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all around the world for managing their IT infrastructure. Besides ensuring high performance and maximum flexibility, it has aIII. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in Pandora FMS in page visualization agents, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. The code injection is done through the parameter "refr" in the page ?/index.php?sec=estado&sec2=operation/agentes/estado_agente&refr=? IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter ?refr?. Malicious Request ("refr") Vulnerable: http://firefly.artica.es/pandora_demo/index.php?sec=estado&sec2=operat ion/agentes/estado_agente&refr=</script><script>alert(document.cookie) </script>0&group_id=0 V. BUSINESS IMPACT ------------------------- An attacker can send link and choice text write in page. VI. SYSTEMS AFFECTED ------------------------- Pandora FMS v5.1SP1 - Revisio?n PC141031 VII. SOLUTION ------------------------- All data received by the application and can be modified by the user, before making any kind of transaction with them must be validated By William Costa william.costa@gmail.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top