Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 May 2014 15:03:09 +0300
From: Dolev Farhi <>
To: oss-security <>, cve-assign <>
Subject: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities


Several security issues were found in Zenoss monitoring system.

1.  Stored XSS.
A persistent XSS vulnerability was found in Zenoss core, by creating a
malicious host with the Title <script>alert("Xss")</script> any user
to the relevant manufacturers page will get a client-side script executed

Proof of concept:
1. Create a device with with the Title <script>alert("XSS")</script>
 2. Navigate to the  Infrastructure -> Manufacturers page.
 3. pick the name of the manufacturer of the device, e.g. Intel
 4. select the type of the hardware the device is assigned to, e.g.
GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
 5. the XSS Executes.
    <tr class="even">
      <td class="tablevalues"><a
      <td class="tablevalues">GenuineIntel_        Intel(R) Core(TM)
i7-2640M CPU _ 2.80GHz</td>

2. Open Redirect vulnerability.
an open redirect is possible via http://zenoss[ ]  allowing an
attacker to redirect a user to a malicious website.

Can CVE numbers please be assigned to these?


additional proof of concept vid.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.