Vulners
Lucene search
Raritan CommandCenter Secure Gateway Cross Site Scripting
`I. VULNERABILITY
-------------------------
XSS Vulnerability on Raritan CommandCenter Secure Gateway
II. CVE REFERENCE
-------------------------
-
III. VENDOR
-------------------------
https://www.raritan.com/support/product/commandcenter-secure-gateway
IV. TIMELINE
-------------------------
30/01/2019 Vulnerability discovered
30/01/2019 Vendor contacted
27/02/2019 Raritan replied as "this fix is scheduled for release version 8.0"
06/05/2019 Version 8.0 is released
V. CREDIT
-------------------------
Okan Coşkun from Biznet Bilisim A.S.
Alp Hısım from Biznet Bilisim A.S.
VI. DESCRIPTION
-------------------------
Prior versions of Raritan CommandCenter Secure Gateway 8.0 affected
from XSS vulnerability. A remote attacker could steal victims cookie
or redirect victim to malicious site.
VII. PROOF OF CONCEPT
-------------------------
Affected Component:
Path(inurl): /access/MacroFileUploadServlet
Affected parameter: macroFile
MacroFileUpload of Raritan CC-SG affected from XSS vulnerability. A
remote attacker could steal victims cookie or redirect victim to
malicious site.
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
15 Nov 2019 00:00Current