Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

verisign-xss.txt

🗓️ 07 Oct 2008 00:00:00Reported by Mazin FaourType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 35 Views

VeriSign DMS Cross-Site Scripting Vulnerability CVE-2008-439

Related
Code
ReporterTitlePublishedViews
Family
Circl		CVE-2008-4393
5 Oct 200800:00
circl
CVE		CVE-2008-4393
7 Oct 200818:27
cve
Cvelist		CVE-2008-4393
7 Oct 200818:27
cvelist
EUVD		EUVD-2008-4374
7 Oct 202500:30
euvd
Kaspersky		KLA10240 CI vulnerability in Kontiki DMS
7 Oct 200800:00
kaspersky
NVD		CVE-2008-4393
7 Oct 200820:00
nvd
Prion		Cross site scripting
7 Oct 200820:00
prion
`VeriSign Kontiki Delivery Management System (DMS) Cross-Site Scripting  
Vulnerability   
  
(CVE Number: CVE-2008-4393)   
  
  
  
Vulnerability Type / Importance: XSS / Medium   
  
  
  
Problem discovered: September 24th 2007   
  
Vendor contacted: September 26th 2007   
  
Advisory published: March 28th 2008   
  
  
  
Abstract   
  
The Kontiki Delivery Management System (DMS) is "a low-cost enterprise  
content delivery system that helps large companies rapidly deliver  
compelling, rich media communications to employees, customers, and  
partners."   
  
Kontiki DMS is vulnerable to a cross-site scripting attack based on the  
manipulation of URL parameters of a site running this service.   
  
  
  
Description  
  
During a recent penetration test, a cross-site scripting vulnerability  
was discovered in a Kontiki DMS servlet. The vulnerability can be tested  
by entering JavaScript in the URL as shown in the example below:   
  
  
  
http://server/zodiac/servlet/zodiac?action=%3Cscript%3Ealert(document.co  
okie)%3C/script%3E  
  
  
  
The server would process the code and execute the JavaScript on the  
user's browser.   
  
Verisign was contacted and immediately confirmed that this was indeed a  
security issue and set about producing a patch to include in the next  
update for the product.   
  
  
  
Affected Versions   
  
Kontiki DMS Version <= 5.0   
  
  
  
Operating Systems Tested   
  
Microsoft Windows   
  
  
  
Vendor & Patch Information   
  
Verisign has released a patch to resolve this issue, which can be  
downloaded from https://customersupport.kontiki.com/software/patch-20102  
  
  
  
Workarounds   
  
IRM is not aware of any workarounds for this issue.   
  
  
  
Credits   
  
Research & Advisory: Mazin Faour   
  
  
  
Disclaimer   
  
All information in this advisory is provided on an 'as is' basis in the  
hope that it will be useful. Information Risk Management Plc is not  
responsible for any risks or occurrences caused by the application of  
this information.  
  
  
  
http://www.irmplc.com/researchlab  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
07 Oct 2008 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00827
verisign kontiki delivery management systemcross-site scriptingmedium importancecve-2008-4393september 24th 2007september 26th 2007march 28th 2008url parametersjavascriptverisignsecurity patchkontiki dms version <= 5.0microsoft windowsadvisorymazin faourinformation risk management plc
35