Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting

From: S21sec Labs <labs () s21sec com>
Date: Fri, 19 Oct 2007 00:02:29 +0200
##############################################################
                     - S21Sec Advisory -
##############################################################

        Title:   Alcatel Omnivista 4760 Cross-Site Scripting
           ID:   S21SEC-038-en
 Severity:   Medium -
  History:   10.Jun.2007 Vulnerability discovered
                   20.Jun.2007 Vendor contacted
                   19.Oct.2007 Advisory released
 Authors:   Juan de la Fuente Costa (jfuente () s21sec com)
                   Pablo Seijo Cajaraville (pseijo () s21sec com)
       URL:   http://www.s21sec.com/avisos/s21sec-038-en.txt
Release:   Public

[ SUMMARY ]
Alcatel-Lucent OmniVista 4760 is an innovative, modular platform that provides a suite of network management applications. This powerful Java-based tool, accessed through a Web browser, provides centralized management for the OmniPCX Enterprise.
The platform's open architecture enables today's IT managers and administrators to effectively monitor and maintain the network, while lowering the company's total cost of ownership. This suite of network management applications includes: 

    * LDAP Directory
    * Configuration
    * Accounting/Performance Management
    * Alarm Notification
    * Network Topology


[ AFFECTED VERSIONS ]

This vulnerability has been tested in Alcatel Omnivista 4760.


[ DESCRIPTION ]
S21sec has discovered a vulnerability in Alcatel Omnivista 4760 that allows injecting JavaScript code in text variables. 
This issue allows javascript code execution in the user browser.

The identified parameters are: "action" and "Langue"

Parameter: action
URL: http://www.somesite.com/php-bin/Webclient.php? action=<script>alert("xss")</script> 

Parameter: Langue

URL: http://www.somesite.com/?Langue=";><script>alert("xss")</script><";


[ WORKAROUND ]
Alcatel-Lucent has released a patch to address this vulnerability. More info at: 
http://www1.alcatel-lucent.com/psirt/statements/2007003/4760xss.htm

[ ACKNOWLEDGMENTS ]

This vulnerability has been discovered and researched by:

- Juan de la Fuente Costa <jfuente () s21sec com> S21Sec
- Pablo Seijo Cajaraville <pseijo () s21sec com> S21Sec

With special thanks to:

- Miguel Angel Aguilar Bermejo


[ REFERENCES ]

* S21Sec
  http://www.s21sec.com
  http://blog.s21sec.com
Previous By Date Next
Previous By Thread Next

Current thread: