Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting

2019-05-18T00:00:00
ID PACKETSTORM:152969
Type packetstorm
Reporter Kubilay Onur Gungor
Modified 2019-05-18T00:00:00

Description

                                        
                                            `  
I. VULNERABILITY  
-------------------------  
httpGetSet/httpGet.htm on  
Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.  
  
II. CVE REFERENCE  
-------------------------  
CVE-2019-12167  
  
III. VENDOR  
-------------------------  
Emerson Network Power  
  
IV. TIMELINE  
-------------------------  
13/05/2019 Vulnerability discovered  
  
V. CREDIT  
-------------------------  
Kubilay Onur Gungor from Cyber Struggle  
  
VI. DESCRIPTION  
-------------------------  
Cross Site Scripting (XSS) allows clients to inject scripts into a request and  
have the server return the script to the client in the response. This occurs  
because the application is taking untrusted data and reusing it  
without performing any validation or sanitisation.  
A remote user can conduct cross-site scripting attacks.  
  
Affected Component:  
Path(inurl): /httpGetSet/httpGet.htm?  
Parameter: statusstr  
  
VII. SOLUTION  
-------------------------  
Update to lastest version.  
  
  
`