Raritan CommandCenter Secure Gateway Cross Site Scripting

2019.11.16

Credit: Okan Coskun

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

I. VULNERABILITY
-------------------------
XSS Vulnerability on Raritan CommandCenter Secure Gateway
II. CVE REFERENCE
-------------------------
-
III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway
IV. TIMELINE
-------------------------
30/01/2019 Vulnerability discovered
30/01/2019 Vendor contacted
27/02/2019 Raritan replied as "this fix is scheduled for release version 8.0"
06/05/2019 Version 8.0 is released
V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Alp Hısım from Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
Prior versions of Raritan CommandCenter Secure Gateway 8.0 affected
from XSS vulnerability. A remote attacker could steal victims cookie
or redirect victim to malicious site.
VII. PROOF OF CONCEPT
-------------------------
Affected Component:
Path(inurl): /access/MacroFileUploadServlet
Affected parameter: macroFile
MacroFileUpload of Raritan CC-SG affected from XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Raritan CommandCenter Secure Gateway Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.