HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability


Vendor: HP Inc.
Product web page: http://www.hp.com
Affected version: 8.3.4.1811

Summary: HP Client Security Manager provides enhanced Windows login
and website single-sign-on capabilities. Security Manager is also the
host for HP Client Security plugins and should be installed before
other Client Security modules. This package is provided for supported
notebook models running a supported operating system.

Desc: HP Client Security Manager is prone to XSS attacks because of
lacking sanitization of data from HTML forms. It makes any site
vulnerable even without XSS presence on the site.

Tested on: Microsoft Windows 7 Professional SP1 (EN)
           Microsoft Windows 7 Ultimate SP1 (EN)


Vulnerability discovered by Ewerson Guimaraes (Crash)


Advisory ID: ZSL-2016-5299
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5299.php


09.10.2015


Reproduction:

When you make a login process in any site that the HP Client Security
Manager intercepts and render the username mixed with the site.

To trigger this vuln, just use some payload like <img
src="lala.gif"onerror="alert(document.cookie)"> in the username HTML
form.
For this reason any site can be exploited even without XSS presence
directly in the site.