Vulners
Lucene search
HP Intelligent Management Center 5.1 E0202 Cross Site Scripting
`Inshell Security Advisory
http://www.inshell.net
1. ADVISORY INFORMATION
-----------------------
Product: HP Intelligent Management Center
Vendor URL: www.hp.com
Type: Cross-Site Scripting [CWE-79]
Date found: 2012-06-08
Date published: 2013-03-04
CVSSv2 Score: CWE-79: 3,5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
CVE: -
2. CREDITS
----------
This vulnerability was discovered and researched by Julien Ahrens from
Inshell Security.
3. VERSIONS AFFECTED
--------------------
HP Intelligent Management Center v5.1 E0202, older versions may be
affected too.
4. VULNERABILITY DESCRIPTION
----------------------------
An Non-Persistent Cross-Site Scripting vulnerability has been identified
in HP Intelligent Management Center v5.1 E0202.
Vulnerable module (all parameters):
+/imc/topo/topoContent.jsf
An attacker could temporarily inject arbitrary code with authenticated
user interaction into the context of the admin - interface. Successful
exploitation of the vulnerability allows for example cookie theft,
session hijacking or client side context manipulation.
5. PROOF-OF-CONCEPT (Code / Exploit)
------------------------------------
http://localhost:8080/imc/topo/topoContent.jsf?opentopo_symbolid="><img
src="http://security.inshell.net/img/logo.png"
onload=alert('XSS');>&opentopo_loader=null&opentopo_level1nodeid=3&topoorientation_parentsymbolid=null&topoorientation_devsymbolid=null&topoorientation_level1nodeid=null&topoorientation_loader=null&checknode=null&ywkeys=isvlan&ywvalues=1&uselefttree=null&usetabpane=null&HandleMode=null&toponamelist=null
For additional screenshots and/or PoCs visit:
http://security.inshell.net/advisory/32
6. SOLUTION
-----------
Update to latest version v5.2 E401
7. REPORT TIMELINE
------------------
2012-06-08: Discovery of the vulnerability
2012-06-08: Vendor assigns security tracking identifier "SSRT100881"
2012-06-16: Vendor evaluates the problem report
2012-06-29: Public disclosure date reached, contacting vendor
2012-06-29: Vendor responds with "not even close to being ready"
2012-07-01: Asking for an appropriate timeframe
2012-07-08: Vendor statement: No timeframe available yet
2012-08-01: Request for status update
2012-08-06: Vendor is not able to reproduce the problem
2012-08-06: Providing additional PoC-Code
2012-10-04: Vendor provides new build for testing
2012-10-16: Confirmation that the issue is fixed
2012-11-09: Request for status update
2012-11-16: Vendor gives update on release timeframe
2013-02-19: Vendor releases v5.2 E401 which fixes the problem
2013-03-04: Coordinated Disclosure
8. REFERENCES
-------------
http://security.inshell.net/advisory/32
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Mar 2013 00:00Current
0.2Low risk
Vulners AI Score0.2