zdt, Kubilay Onur Gungor, 1337DAY-ID-32745
May 21, 2019 - 12:00 a.m.

Emerson Network Power Liebert Challenger 5.1E0.5 Cross Site Scripting Vulnerability

2019-05-21 00:00:00
Kubilay Onur Gungor
0day.today
EPSS: 0.001 (percentile: 48.2%)

Exploit for multiple platforms in the web applications category

I. VULNERABILITY
    -------------------------
    httpGetSet/httpGet.htm on
    Emerson Network Power Liebert Challenger 5.1E0.5 devices allows XSS via the statusstr parameter.
    
    II. CVE REFERENCE
    -------------------------
    CVE-2019-12167
    
    III. VENDOR
    -------------------------
    Emerson Network Power
    
    IV. TIMELINE
    -------------------------
    13/05/2019 Vulnerability discovered
    
    V. CREDIT
    -------------------------
    Kubilay Onur Gungor from Cyber Struggle
    
    VI. DESCRIPTION
    -------------------------
    Cross Site Scripting (XSS) allows clients to inject scripts into a request and
    have the server return the script to the client in the response. This occurs
    because the application is taking untrusted data and reusing it
    without performing any validation or sanitisation.
    A remote user can conduct cross-site scripting attacks.
    
    Affected Component:
    Path(inurl): /httpGetSet/httpGet.htm?
    Parameter: statusstr
    
    VII. SOLUTION
    -------------------------
    Update to the latest version.

#  0day.today [2019-05-21]  #
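
For defenders who cannot patch immediately, the sketch below scans web access logs for requests to the affected path whose statusstr value decodes to markup characters. It is an added example, not part of the original advisory or any vendor tooling; it assumes combined-format logs (for example from a reverse proxy in front of the device) and that legitimate statusstr values are plain text, and all log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path and parameter named in the advisory (path compared case-insensitively).
AFFECTED_PATH = "/httpgetset/httpget.htm"
PARAM = "statusstr"
# Characters that let a reflected value leave text context (assumed never legitimate here).
MARKUP = re.compile(r"[<>\"'`]")
# Request line inside a common/combined log format entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, harmless marker values).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2019:10:00:01 +0000] "GET /httpGetSet/httpGet.htm?statusstr=Unit+OK HTTP/1.1" 200 512',
    '192.0.2.44 - - [21/May/2019:10:02:17 +0000] "GET /httpGetSet/httpGet.htm?statusstr=%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [21/May/2019:10:02:40 +0000] "GET /httpGetSet/httpGet.htm?statusstr=%253Ci%253Emarker HTTP/1.1" 200 526',
    '192.0.2.10 - - [21/May/2019:10:05:00 +0000] "GET /index.htm?statusstr=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so a double-encoded '<' is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_statusstr(log_line):
    """Return the decoded statusstr value if it carries markup, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if url.path.lower() != AFFECTED_PATH:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs already removed one encoding layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged entry."""
    hits = ((n, suspicious_statusstr(l)) for n, l in enumerate(lines, 1))
    return [(n, v) for n, v in hits if v is not None]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: statusstr carries markup: {value!r}")
```

The quote characters in MARKUP can flag ordinary text such as apostrophes; drop them from the pattern if the device's status strings legitimately contain them.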
