Altitude uAgent - Altitude uCI 7.5 XSS

2014-12-03T00:00:00
ID PACKETSTORM:129372
Type packetstorm
Reporter Owais Mehtab
Modified 2014-12-03T00:00:00

Description

                                        
                                            `Altitude uAgent - Altitude uCI 7.5 Persistent XSS  
  
Details  
========================================================================================  
Product: Altitude uAgent - Altitude uCI 7.5  
Security-Risk: High  
Vendor-URL: http://www.altitude.com  
CVE-ID: CVE-2014-9212
  
Credits  
========================================================================================  
Discovered by: Owais Mehtab  
  
  
Affected Products:  
========================================================================================  
Altitude uAgent Web  
  
Description  
========================================================================================  
" Altitude uAgent - Altitude uCI 7.5 Persistent XSS "  
  
More Details  
========================================================================================  
I found two persistent cross-site scripting (XSS) vulnerabilities in Altitude uAgent - Altitude uCI 7.5.
The vulnerabilities can be easily exploited and can be used to steal cookies,
perform phishing attacks and various other attacks compromising the security of a
user. These XSS can only be exploited by authenticated users.
  
Proof of Concept  
========================================================================================  
1-XSS In Hyperlink  
------------------  
In the send email option, click on insert hyperlink and insert the vector:
  
"><img src=x onerror=prompt(document.cookie);>  
  
  
2-Email XSS  
-----------  
Another XSS was found in the image attribute section, vulnerable parameter (style).
  
POC attack vector:-  
x:expression(alert(1))  
  
  
I have informed the vendor but they don't tend to fix the problem.  
  
  
  
--   
Regards,  
Owais Mehtab  
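
An added example, not part of the original advisory and not Altitude's code: one way a server could handle the two fields named above, by allowlisting hyperlink schemes and style declarations and encoding attribute values on output. All function names and the style allowlist are hypothetical.

```javascript
'use strict';

// Encode every character that can close or break out of a quoted attribute.
function escapeAttr(value) {
  return String(value).replace(/[&<>"'`]/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Accept only absolute http(s)/mailto URLs; anything else is rejected (null).
function safeHref(raw) {
  let url;
  try { url = new URL(String(raw).trim()); } catch (e) { return null; }
  if (!['http:', 'https:', 'mailto:'].includes(url.protocol)) return null;
  return escapeAttr(url.href);
}

// Hypothetical allowlist: CSS property -> strict pattern its value must match.
const STYLE_RULES = new Map([
  ['width', /^\d{1,4}(px|%)$/],
  ['height', /^\d{1,4}(px|%)$/],
  ['border', /^\d{1,2}px (solid|dashed|dotted) #[0-9a-f]{3,6}$/i],
  ['float', /^(left|right|none)$/],
]);

// Keep only declarations whose property and value both pass the allowlist.
function safeStyle(raw) {
  const kept = [];
  for (const decl of String(raw).split(';')) {
    const idx = decl.indexOf(':');
    if (idx < 0) continue;
    const prop = decl.slice(0, idx).trim().toLowerCase();
    const val = decl.slice(idx + 1).trim();
    const rule = STYLE_RULES.get(prop);
    if (rule && rule.test(val)) kept.push(`${prop}: ${val}`);
  }
  return escapeAttr(kept.join('; '));
}

// Render a hyperlink; a rejected URL degrades to encoded plain text.
function renderLink(href, text) {
  const safe = safeHref(href);
  const label = escapeAttr(text);
  return safe === null ? label : `<a href="${safe}" rel="noopener">${label}</a>`;
}

// The two strings quoted in the advisory, used here as test input.
const POC_LINK = '"><img src=x onerror=prompt(document.cookie);>';
const POC_STYLE = 'x:expression(alert(1))';
console.log(renderLink(POC_LINK, 'link'), JSON.stringify(safeStyle(POC_STYLE)));
```

Validation happens when the value is stored or rendered on the server, so content already saved before the filter was introduced still needs to be re-encoded on output.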