[DSECRG-09-058] Vmware View - XSS vulnerability
Linked XSS in VMware Portal
Digital Security Research Group [DSecRG] Advisory DSECRG-09-058
Application: VMware View Portal
Versions Affected: <= 3.1
Vendor URL: http://www.vmware.com
Bugs: XSS
Exploits: YES
Reported: 07.09.2009
Vendor response: 21.09.2009
Date of Public Advisory: 05.05.2010
CVE: CVE-2010-1143
Author: Alexey Sintsov
from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot]
com)
Description
***********
Linked XSS in VMware Portal
Details
*******
An attacker may inject JavaScript code into url.
Example:
********
https://[VMware_Portal_IP]/not_a_real_page
Solution
********
Update VmWare View to version 3.1.3
References
**********
http://dsecrg.com/pages/vul/show.php?id=149
http://lists.vmware.com/pipermail/security-announce/2010/000092.html
About
*****
Digital Security is leading IT security company in Russia, providing
information security consulting, audit and penetration testing services,
risk analysis and ISMS-related services and certification for ISO/IEC
27001:2005 and PCI DSS standards. Digital Security Research Group focuses
on web application and database security problems with vulnerability
reports, advisories and whitepapers posted regularly on our website.
Contact: research [at] dsecrg [dot]com
http://www.dsecrg.com
VMware View Portals 3.1 cross site scripting
- VMware View Portals 3.1 cross site scripting
- Unknown
- May 18, 2010
- No comments:
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment
silahkan tinggalkan komentar anda disini .. :D