HP Client Security Manager version 8.3.4 suffers from a cross site scripting vulnerability.
01df5385f599231ac5a52b7ca43cb404f1d8358282ebd63f386750fa880eb352
HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability
Vendor: HP Inc.
Product web page: http://www.hp.com
Affected version: 8.3.4.1811
Summary: HP Client Security Manager provides enhanced Windows login
and website single-sign-on capabilities. Security Manager is also the
host for HP Client Security plugins and should be installed before
other Client Security modules. This package is provided for supported
notebook models running a supported operating system.
Desc: HP Client Security Manager is prone to XSS attacks because of
lacking sanitization of data from HTML forms. It makes any site
vulnerable even without XSS presence on the site.
Tested on: Microsoft Windows 7 Professional SP1 (EN)
Microsoft Windows 7 Ultimate SP1 (EN)
Vulnerability discovered by Ewerson Guimaraes (Crash)
Advisory ID: ZSL-2016-5299
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5299.php
09.10.2015
Reproduction:
When you make a login process in any site that the HP Client Security
Manager intercepts and render the username mixed with the site.
To trigger this vuln, just use some payload like <img
src="lala.gif"onerror="alert(document.cookie)"> in the username HTML
form.
For this reason any site can be exploited even without XSS presence
directly in the site.