Altitude uAgent - Altitude uCI 7.5 Persistent XSS

Details
========================================================================================
Product: Altitude uAgent - Altitude uCI 7.5
Security-Risk: High
Vendor-URL: http://www.altitude.com
CVE-ID:CVE-2014-9212

Credits
========================================================================================
Discovered by: Owais Mehtab


Affected Products:
========================================================================================
Altitude uAgent Web

Description
========================================================================================
" Altitude uAgent - Altitude uCI 7.5 Persistent XSS "

More Details
========================================================================================
I found two persistent Cross site scripting (XSS) in Altitude uAgent - Altitude uCI 7.5,
the vulnerability can be easily exploited and can be used to steal cookies,
perform phishing attacks and other various attacks compromising the security of a
user. These XSS can only be exploited by authenticated users

Proof of Concept
========================================================================================
1-XSS In Hyperlink
------------------
In send email option click on insert hyperlink and insert vector:-

"><img src=x onerror=prompt(document.cookie);>


2-Email XSS
-----------
Another XSS was found in image attribute section, vulnerable parameter (style)

POC attack vector:-
x:expression(alert(1))


I have informed the vendor but they don't tend to fix the problem.



-- 
Regards,
Owais Mehtab