Date: Wed, 14 May 2014 15:03:09 +0300 From: Dolev Farhi <dolevf87@...il.com> To: oss-security <oss-security@...ts.openwall.com>, cve-assign <cve-assign@...re.org> Subject: Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities hi, Several security issues were found in Zenoss monitoring system. 1. Stored XSS. A persistent XSS vulnerability was found in Zenoss core, by creating a malicious host with the Title <script>alert("Xss")</script> any user browsing to the relevant manufacturers page will get a client-side script executed immediately. Proof of concept: 1. Create a device with with the Title <script>alert("XSS")</script> 2. Navigate to the Infrastructure -> Manufacturers page. 3. pick the name of the manufacturer of the device, e.g. Intel 4. select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz 5. the XSS Executes. <tr class="even"> <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td> <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td> </tr> 2. Open Redirect vulnerability. an open redirect is possible via http://zenoss -url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[ http://malicious-website.com ] allowing an attacker to redirect a user to a malicious website. Can CVE numbers please be assigned to these? Tx. -- additional proof of concept vid. https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.