Lucene search
Owais MehtabPACKETSTORM:129372HistoryDec 03, 2014 - 12:00 a.m.
Altitude uAgent - Altitude uCI 7.5 XSS
2014-12-0300:00:00
Owais Mehtab
packetstormsecurity.com
39
0.001 Low
EPSS
Percentile
49.8%
`Altitude uAgent - Altitude uCI 7.5 Persistent XSS
Details
========================================================================================
Product: Altitude uAgent - Altitude uCI 7.5
Security-Risk: High
Vendor-URL: http://www.altitude.com
CVE-ID:CVE-2014-9212
Credits
========================================================================================
Discovered by: Owais Mehtab
Affected Products:
========================================================================================
Altitude uAgent Web
Description
========================================================================================
" Altitude uAgent - Altitude uCI 7.5 Persistent XSS "
More Details
========================================================================================
I found two persistent Cross site scripting (XSS) in Altitude uAgent - Altitude uCI 7.5,
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user. These XSS can only be exploited by authenticated users
Proof of Concept
========================================================================================
1-XSS In Hyperlink
------------------
In send email option click on insert hyperlink and insert vector:-
"><img src=x onerror=prompt(document.cookie);>
2-Email XSS
-----------
Another XSS was found in image attribute section, vulnerable parameter (style)
POC attack vector:-
x:expression(alert(1))
I have informed the vendor but they don't tend to fix the problem.
--
Regards,
Owais Mehtab
`
Related
nvd
nvd
CVE-2014-9212
2014-12-05 15:59:07
cve
cve
CVE-2014-9212
2014-12-05 15:59:07
prion
prion
Cross site scripting
2014-12-05 15:59:00
cvelist
cvelist
CVE-2014-9212
2014-12-05 15:00:00