CellPipe 7130 Cross Site Scripting

2015-06-16T00:00:00
ID PACKETSTORM:132327
Type packetstorm
Reporter Dionisia Lerataki
Modified 2015-06-16T00:00:00

Description

                                        
CellPipe Router XSS vulnerability  

Device model: CellPipe 7130 RG 5Ae. M2013 HOL  
Software Version: 1.0.0.20h.HOL  
CVE: CVE-2015-4587  
Date: 16/06/2015  
Discovered by: Dionisia Lerataki  
(https://gr.linkedin.com/pub/dionisia-lerataki/88/18/891)  

Vulnerability type: Stored XSS vulnerabilities in the router's web interface  

Exploitation and Impact:  

The stored cross-site scripting payload is shared among the router's
users, so it can harm other users of the router. The malicious
JavaScript is executed in the context of another user's browser and
allows several different attack opportunities, mostly hijacking the
current session of the user. This happens because the browser
interprets the user input as HTML/JavaScript.

For example, in the "Custom application" field of the "port triggering"
menu we can add JavaScript like:  
<script> alert(document.cookie)</script>  
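The root cause described above, as an added example that is not part of the original advisory and is not the router's firmware: a hypothetical renderer that concatenates the stored "Custom application" value into markup, beside one that HTML-encodes on output. The function names, the rule object and the allow-list policy for rule names are assumptions made for illustration.

```javascript
// Added example: hypothetical rendering code, not the CellPipe firmware.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check (assumed policy): 1-32 letters, digits, space, '.', '_' or '-'.
function isValidAppName(name) {
  return typeof name === 'string' && /^[A-Za-z0-9 ._-]{1,32}$/.test(name);
}

// Vulnerable pattern: the stored value reaches the page unencoded,
// so the browser parses it as markup for every user who views the table.
function renderRowUnsafe(rule) {
  return '<tr><td>' + rule.name + '</td><td>' + rule.triggerPort + '</td></tr>';
}

// Hardened pattern: encode at output time, whatever was stored earlier.
function renderRowSafe(rule) {
  return '<tr><td>' + escapeHtml(rule.name) + '</td><td>' +
         escapeHtml(rule.triggerPort) + '</td></tr>';
}

// Constructed sample: the string quoted in the advisory saved as a rule name.
const storedRule = {
  name: '<script> alert(document.cookie)</script>',
  triggerPort: 6000,
};

// Validate when the rule is saved, and still encode when it is displayed:
// rules stored before the check was introduced remain in the configuration.
function saveAndRender(rule) {
  if (!isValidAppName(rule.name)) {
    return { saved: false, html: null };
  }
  return { saved: true, html: renderRowSafe(rule) };
}

console.log(renderRowUnsafe(storedRule));
console.log(renderRowSafe(storedRule));
console.log(saveAndRender(storedRule));
```

Setting the `HttpOnly` attribute on the session cookie additionally keeps it out of `document.cookie`, which limits the session-hijacking impact the advisory describes.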