Altitude uAgent - Altitude uCI 7.5 Persistent XSS Details ======================================================================================== Product: Altitude uAgent - Altitude uCI 7.5 Security-Risk: High Vendor-URL: http://www.altitude.com CVE-ID:CVE-2014-9212 Credits ======================================================================================== Discovered by: Owais Mehtab Affected Products: ======================================================================================== Altitude uAgent Web Description ======================================================================================== " Altitude uAgent - Altitude uCI 7.5 Persistent XSS " More Details ======================================================================================== I found two persistent Cross site scripting (XSS) in Altitude uAgent - Altitude uCI 7.5, the vulnerability can be easily exploited and can be used to steal cookies, perform phishing attacks and other various attacks compromising the security of a user. These XSS can only be exploited by authenticated users Proof of Concept ======================================================================================== 1-XSS In Hyperlink ------------------ In send email option click on insert hyperlink and insert vector:- "><img src=x onerror=prompt(document.cookie);> 2-Email XSS ----------- Another XSS was found in image attribute section, vulnerable parameter (style) POC attack vector:- x:expression(alert(1)) I have informed the vendor but they don't tend to fix the problem. -- Regards, Owais Mehtab