Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Visual Paradigm Server 10.0 Cross Site Scripting Vulnerability

🗓️ 28 Nov 2015 00:00:00Reported by Manuel ManceraType 
zdt
 zdt🔗 0day.today👁 38 Views

Visual Paradigm Server v10.0 Cross Site Scripting Vulnerabilit

Code
================================================================
Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)
================================================================

Information
--------------------
Name: Visual Paradigm Server v10.0 - Cross Site Scripting (XSS)
Affected Software : Visual Paradigm Server
Affected Versions: 10.0
Vendor Homepage : http://www.visual-paradigm.com
Vulnerability Type : Cross Site Scripting
Severity : Low
CVE: n/a


Product
--------------------
Visual Paradigm Server is a service that is installed with Visual 
Paradigm Teamwork Server. It is used to manage the license server accounts.


Description
--------------------
A vulnerability has been detected in login.jsp  that allow an attacker 
execute arbitrary javascript in the browser context of a victim and 
could steal the cookie of a user and hijack his session.


Proof of Concept URL
--------------------
http://site:1999/login.jsp?error=Invalid 
login&user="/><script>alert("XSS");</script>


Solution
--------------------
Install a higher version, the last version is 12.2


Advisory Timeline
--------------------

26/11/2015 - Informed vendor about the issue
26/11/2015 - Vendor responded
27/11/2015 - Vendor say that just this version (10.0) is affected by 
this vulnerability, and this version is deprecated. (Also I reported 
other XSS in his website and they fixed)
27/11/2015 - Vulnerability published

#  0day.today [2018-02-16]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
28 Nov 2015 00:00Current
6.7Medium risk
Vulners AI Score6.7
visual paradigm servercross site scriptinglow severityversion 10.0teamwork serverbrowser contextcookie stealingsession hijackproof of concepthigher versiondeprecatedvendor responseadvisory timeline
38