Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-2207

Publish Date: 22 Jul 2015

Author: Chia Junyuan, Benjamin Tan, Foo Jong Meng

Source

                # Vulnerability type: Cross-site Scripting 
# Vendor: http://www.netcracker.com/
# Product: NetCracker Resource Management System
# Affected version: =&lt; 8.0
# Patched version: 8.2
# Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan
# CVE ID: CVE-2015-2207

# PROOF OF CONCEPT (XSS)

Cross-site scripting (XSS) vulnerability in multiple pages in NetCracker
Resource Management System and earlier allows authenticated users to
inject arbitrary javascript via multiple parameters.

# VULNERABLE PARAMETERS:
ctrl
- t90001_0_theform_selection
- _scroll
- tableName
- parent
- circuit
- return
- xname
- mpTransactionId
- (etc...)

# SAMPLE PAYLOAD
- &lt;script&gt;alert("XSS")&lt;/script&gt;

# TIMELINE
- 28/02/2015: Vulnerability found
- 13/03/2015: Vendor informed
- 13/03/2015: Vendor responded and acknowledged
- 19/05/2015: Vendor fixed the issue
- 22/07/2015: Public disclosure
<p>

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

NetCracker Resource Management System 8.0 Cross Site Scripting

Vulmon Search

About

Products

Connect