Nokia Solutions and Networks @vantage - Multiple Reflected XSS

2015.09.14
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Document Title: ============== Nokia Solutions and Networks @vantage - Multiple Reflected XSS Release Date: ============ 9 Sep 2015 Abstract Advisory Information: ============================= Ugur Cihan Koc discovered twentySeven Reflected XSS vulnerability in Nokia NSN @vantage Vulnerability Disclosure Timeline: ================================= 24 July 2015 Bug reported to the vendor. 28 July 2015 Asked about the case. 8 Sep 2015 End of support for this product, reported by the vendor Discovery Status: ================ Published Affected Product(s): =================== Nokia NSN @vantage Exploitation Technique: ====================== Local, Authenticated Severity Level: ============== Medium Technical Details & Description: =============================== Affected Path/Parameter[27] : /cftraces/filter/fl_copy.jsp idFilter nameFilter /cftraces/filter/fl_crea1.jsp flName /cftraces/process/pr_show_process.jsp serchStatus refreshTime serchNode /cftraces/session/se_crea.jsp MaxActivationTime NumberOfBytes NumberOfTracefiles SessionName serchSessionkind /cftraces/session/se_show.jsp serchSessionDescription /cftraces/session/tr_crea_filter.jsp serchApplication serchApplicationkind /cftraces/session/tr_create_tagg_para.jsp columKeyUnique columParameter componentName criteria1 criteria2 criteria3 description filter id pathName tableName component /home/certificate_association.jsp userid Proof of Concept (PoC): ====================== Proof of Concept https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M Solution Fix & Patch: ==================== There aren't any fix for the issue. [End of Support] Security Risk: ============= The risk of the vulnerability above estimated as medium. Credits & Authors: ================= Ugur Cihan Koc(@_uceka_) Blog: www.uceka.com

References:

https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top