header-logo
Suggest Exploit
vendor:
View Portal
by:
Alexey Sintsov
7,5
CVSS
HIGH
XSS
79
CWE
Product Name: View Portal
Affected Version From: <= 3.1
Affected Version To: 3.1.3
Patch Exists: YES
Related CWE: CVE-2010-1143
CPE: a:vmware:view_portal
Metasploit: https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2011-0370/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2010-1143/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Vmware View – XSS vulnerability

An attacker may inject JavaScript code into url. Example: https://[VMware_Portal_IP]/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT>

Mitigation:

Update VmWare View to version 3.1.3
Source

Exploit-DB raw data:

[DSECRG-09-058] Vmware View - XSS vulnerability

Source:http://www.dsecrg.com/pages/vul/show.php?id=158

Linked XSS in VMware Portal

Digital Security Research Group [DSecRG] Advisory DSECRG-09-058

Application: VMware View Portal
Versions Affected: <= 3.1
Vendor URL: http://www.vmware.com
Bugs: XSS
Exploits: YES
Reported: 07.09.2009
Vendor response: 21.09.2009
Date of Public Advisory: 05.05.2010
CVE: CVE-2010-1143
Author: Alexey Sintsov
from Digital Security Research Group [DSecRG] (research [at] dsecrg [dot] com)


Description
***********

Linked XSS in VMware Portal


Details
*******

An attacker may inject JavaScript code into url.

Example:
********

https://[VMware_Portal_IP]/not_a_real_page<SCRIPT>alert(/XSS/.source)</SCRIPT>

Solution
********
Update VmWare View to version 3.1.3

References
**********
http://dsecrg.com/pages/vul/show.php?id=149
http://lists.vmware.com/pipermail/security-announce/2010/000092.html


About
*****

Digital Security is leading IT security company in Russia, providing information security consulting, audit and penetration testing services, risk analysis and ISMS-related services and certification for ISO/IEC 27001:2005 and PCI DSS standards. Digital Security Research Group focuses on web application and database security problems with vulnerability reports, advisories and whitepapers posted regularly on our website.


Contact: research [at] dsecrg [dot]com
http://www.dsecrg.com

Navigation

Suggest Exploit

Services By CQR