HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities

This host is running HP SiteScope and is prone to cross site scripting and HTML injection vulnerabilitie

Reporter	Title	Published	Views	Family All 18
ATTACKERKB	CVE-2011-1726	3 May 201120:55	–	attackerkb
ATTACKERKB	CVE-2011-1727	3 May 201120:55	–	attackerkb
CVE	CVE-2011-1726	3 May 201120:00	–	cve
CVE	CVE-2011-1727	3 May 201120:00	–	cve
Cvelist	CVE-2011-1726	3 May 201120:00	–	cvelist
Cvelist	CVE-2011-1727	3 May 201120:00	–	cvelist
EUVD	EUVD-2011-1725	7 Oct 202500:30	–	euvd
EUVD	EUVD-2011-1726	7 Oct 202500:30	–	euvd
Tenable Nessus	HP SiteScope XSS	2 May 201100:00	–	nessus
NVD	CVE-2011-1726	3 May 201120:55	–	nvd

Source	Link
xforce	www.xforce.iss.net/xforce/xfdb/45958
vupen	www.vupen.com/english/advisories/2011/1091
h20000	www.h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp
secunia	www.secunia.com/advisories/44354

###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_hp_sitescope_xss_vuln.nasl 6367 2017-06-19 07:11:34Z ckuersteiner $
#
# HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities
#
# Authors:
# Sooraj KS <[email protected]>
#
# Copyright:
# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

tag_impact = "Successful exploitation will allow attacker-supplied HTML and script code to
  run in the context of the affected browser, potentially allowing the attacker
  to steal cookie-based authentication credentials or to control how the site
  is rendered to the user. Other attacks are also possible.
  Impact Level: Application";
tag_affected = "HP SiteScope versions 9.54, 10.13, 11.01, and 11.1";
tag_insight = "The flaws are caused by input validation errors when processing user-supplied
  data, which could allow cross site scripting or HTML injection attacks.";
tag_solution = "Upgrade to HP SiteScope version 11.1 and apply the SS1110110412 hotfix
  http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02807712";
tag_summary = "This host is running HP SiteScope and is prone to cross site
  scripting and HTML injection vulnerabilities.";

if(description)
{
  script_id(801881);
  script_version("$Revision: 6367 $");
  script_tag(name:"last_modification", value:"$Date: 2017-06-19 09:11:34 +0200 (Mon, 19 Jun 2017) $");
  script_tag(name:"creation_date", value:"2011-05-18 15:37:30 +0200 (Wed, 18 May 2011)");
  script_cve_id("CVE-2011-1726", "CVE-2011-1727");
  script_bugtraq_id(47554);
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_name("HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities");
  script_xref(name : "URL" , value : "https://secunia.com/advisories/44354");
  script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/45958");
  script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2011/1091");
  script_xref(name : "URL" , value : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02807712");

  script_tag(name:"qod_type", value:"remote_vul");
  script_summary("Check if SiteScope is vulnerable to Cross-Site Scripting");
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2011 Greenbone Networks GmbH");
  script_family("Web application abuses");
  script_dependencies("http_version.nasl");
  script_require_ports("Services/www", 8080);
  script_tag(name : "impact" , value : "Successful exploitation will allow attacker-supplied HTML and script code
to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based
authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Impact Level: Application");
  script_tag(name : "affected" , value : "HP SiteScope versions 9.54, 10.13, 11.01, and 11.1");

  script_tag(name : "insight" , value : "The flaws are caused by input validation errors when processing
user-supplied data, which could allow cross site scripting or HTML injection attacks.");

  script_tag(name : "solution" , value : "Upgrade to HP SiteScope version 11.1 and apply the SS1110110412 hotfix
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02807712");

  script_tag(name : "summary" , value : "This host is running HP SiteScope and is prone to cross site scripting
and HTML injection vulnerabilities.");
  exit(0);
}

include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
   
if (!port = get_app_port(cpe: CPE))
  exit(0);

## Construct attack request
url = string("/SiteScope/jsp/hosted/HostedSiteScopeMessage.jsp?messageKey=",
              "<script>alert('openvas-xss-test')</script>");

## Try XSS and check the response to confirm vulnerability
if(http_vuln_check(port:port, url:url, check_header: TRUE,
   pattern:"en.<script>alert\('openvas-xss-test'\)</script>"))
{
  security_message(port);
  exit(0);
}

exit(0);

19 Jun 2017 00:00Current

EPSS0.01198