Vulners
Lucene search
Dell OpenManage Server Administrator omalogin.html DOM-based XSS
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2012-4955 | 15 Nov 201211:00 | – | cve |
 | CVE-2012-4955 | 15 Nov 201211:00 | – | cvelist |
 | EUVD-2012-4880 | 7 Oct 202500:30 | – | euvd |
 | CVE-2012-4955 | 15 Nov 201211:58 | – | nvd |
 | Cross site scripting | 15 Nov 201211:58 | – | prion |
 | Dell OpenManage Server Administrator contains a cross-site scripting vulnerability | 14 Nov 201200:00 | – | cert |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(62974);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2012-4955");
script_bugtraq_id(56518);
script_xref(name:"CERT", value:"558132");
script_name(english:"Dell OpenManage Server Administrator omalogin.html DOM-based XSS");
script_summary(english:"Requests PoC URL");
script_set_attribute(
attribute:"synopsis",
value:
"A web application hosted on the remote web server has a cross-site
scripting vulnerability."
);
script_set_attribute(
attribute:"description",
value:
"The version of Dell OpenManage Server Administrator hosted on the
remote web server has a cross-site scripting vulnerability. Making a
specially crafted request for omalogin.html can result in client-side
script injection. An attacker could exploit this by tricking a user
into requesting a maliciously crafted URL.
A similar vulnerability exists in omatasks.html, but Nessus has not
tested that attack vector."
);
# http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=JJMWP&osCode=WNET&fileId=3082295338
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c34c744f");
# http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=PCXMR&osCode=WNET&fileId=3082295344
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?578ea62e");
# http://www.dell.com/support/drivers/us/en/19/DriverDetails/Product/poweredge-r710?driverId=5JDN0&osCode=WNET&fileId=3082293694
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1f5bf40c");
script_set_attribute(
attribute:"solution",
value:
"For Windows systems, upgrade to version 6.5, 7.0, or 7.1 (if necessary)
and apply the appropriate patch referenced in US-CERT VU#558132.
For Linux systems, there is no known solution at this time."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:U/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/14");
script_set_attribute(attribute:"patch_publication_date", value:"2012/11/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/11/20");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:dell:openmanage_server_administrator");
script_end_attributes();
script_category(ACT_ATTACK);
script_family(english:"CGI abuses : XSS");
script_copyright(english:"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.");
script_dependencies("dell_openmanage.nasl");
script_exclude_keys("Settings/disable_cgi_scanning");
script_require_keys("www/dell_omsa");
script_require_ports("Services/www", 1311);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:1311, embedded:TRUE);
install = get_install_from_kb(appname:'dell_omsa', port:port, exit_on_fail:TRUE);
base_url = build_url(qs:install['dir'], port:port);
poc_url = install['dir'] + '/omalogin.html?msgStatus="><script>alert(/' + SCRIPT_NAME + unixtime() + '/)</script>';
res = http_send_recv3(method:'GET', item:poc_url, port:port, exit_on_fail:TRUE);
hdrs = parse_http_headers(status_line:res[0], headers:res[1]);
if (hdrs['$code'] == 200) # does it return a 200 status?
{
if ('function QueryString_Parse' >< res[2] || # does it contain the vulnerable JS code?
'function QueryString' >< res[2] ||
'QueryString("msgStatus")' >< res[2])
{
if ('function removeSpChars' >!< res[2] || # it doesn't contain the remediation code?
'removeSpChars(value)' >!< res[2])
{
report = get_vuln_report(port:port, items:poc_url);
security_report_v4(extra:report, port:port, severity:SECURITY_WARNING, xss:TRUE);
}
}
}
audit(AUDIT_WEB_APP_NOT_AFFECTED, 'Dell OpenManage Server Administrator', base_url);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2021 00:00Current
5.1Medium risk
Vulners AI Score5.1
CVSS 24.3
EPSS0.00638