Samsung Series Cross Site Scripting

2013-06-13T00:00:00
ID PACKETSTORM:122005
Type packetstorm
Reporter Jonas Rapero Castillo
Modified 2013-06-13T00:00:00

Description

                                        
                                            `===========================================================================  
SAMSUNG  
====================================================================  
===========================================================================  
  
1.Advisory Information  
Title: Samsung Series Vulnerability  
Date Published: 12/06/2013  
Date of last updated: 12/06/2013  
  
2.Vulnerability Description  
The following vulnerability has been found in these devices:  
-CVE-2013-3964. Cross Site Scripting(CWE-79)  
  
3.Affected Products  
CVE-2013-3964, the following product are affected: SHR-5162, SHR-5082   
It’s possible others models are affected but they were not checked: SHR-5XXX,SHR-516X,SHR-508X,SHR-5042,SHR-4160,SHR-4081,SHR-2XXX,SHR-216X,SHR-208X,SHR-204X  
  
4.PoC  
4.1.Cross Site Scripting (XSS)  
CVE-2013-3964, Cross Site Scripting non-persistent.  
_____________________________________________________________________________  
http://xx.xx.xx.xx/<script>alert(123)</script>  
_____________________________________________________________________________  
  
5.Credits  
CVE-2013-3964 ,was discovered by Jonás Ropero Castillo.   
  
6.Report Timeline  
-2013-06-11: Students try to contact to Samsung Support Centre, but the service is temporarily down.   
`