Nokia Solutions And Networks Cross Site Scripting

Nokia Solutions And Networks Cross Site Scripting: Posted Sep 13, 2015; Authored by Ugur Cihan KOC; Nokia Solutions and Networks suffers from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 116eeda06260e8d7c6ebef3c066b34cb3c9a17aedffcf611abcf5a4717395d0d; Download | Favorite | View

Nokia Solutions And Networks Cross Site Scripting

Document Title:
==============
Nokia Solutions and Networks @vantage - Multiple Reflected XSS

Release Date:
============
9 Sep 2015

Abstract Advisory Information:
=============================
Ugur Cihan Koc discovered twentySeven Reflected XSS
vulnerability in Nokia NSN @vantage

Vulnerability Disclosure Timeline:
=================================
24 July 2015    Bug reported to the vendor.
28 July 2015    Asked about the case.
8 Sep    2015    End of support for this product, reported by the vendor

Discovery Status:
================
Published

Affected Product(s):
===================
Nokia NSN @vantage

Exploitation Technique:
======================
Local, Authenticated

Severity Level:
==============
Medium

Technical Details & Description:
===============================
Affected Path/Parameter[27] :

/cftraces/filter/fl_copy.jsp
    idFilter
    nameFilter
/cftraces/filter/fl_crea1.jsp
    flName
/cftraces/process/pr_show_process.jsp
    serchStatus
    refreshTime
    serchNode
/cftraces/session/se_crea.jsp
    MaxActivationTime
    NumberOfBytes
    NumberOfTracefiles
    SessionName
    serchSessionkind
/cftraces/session/se_show.jsp
    serchSessionDescription
/cftraces/session/tr_crea_filter.jsp
    serchApplication
    serchApplicationkind
/cftraces/session/tr_create_tagg_para.jsp
    columKeyUnique
    columParameter
    componentName
    criteria1
    criteria2
    criteria3
    description
    filter
    id
    pathName
    tableName
    component
/home/certificate_association.jsp
    userid

Proof of Concept (PoC):
======================
Proof of Concept
https://drive.google.com/open?id=0B-LWHbwdK3P9eTNKRkdDWGpkN2M

Solution Fix & Patch:
====================
There aren't any fix for the issue. [End of Support]

Security Risk:
=============
The risk of the vulnerability above estimated as medium.

Credits & Authors:
=================
Ugur Cihan Koc(@_uceka_)
Blog: www.uceka.com

Top Authors In Last 30 Days

Red Hat 172 files
Ubuntu 47 files
Debian 22 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
tmrswrr 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Nokia Solutions And Networks Cross Site Scripting

Nokia Solutions And Networks Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Nokia Solutions And Networks Cross Site Scripting

Share This

Nokia Solutions And Networks Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems