SECURITYVULNS:DOC:30738
May 15, 2014

[oss-security] Zenoss Open Source monitoring System - Open Redirect & Stored XSS Vulnerabilities


hi,

Several security issues were found in Zenoss monitoring system.

  1. Stored XSS.
    A persistent XSS vulnerability was found in Zenoss core. By creating a
    malicious host with the Title <script>alert("Xss")</script>, any user
    browsing to the relevant manufacturers page will get a client-side
    script executed immediately.

    Proof of concept:

      1. Create a device with the Title <script>alert("XSS")</script>
      2. Navigate to the Infrastructure -> Manufacturers page.
      3. Pick the name of the manufacturer of the device, e.g. Intel
      4. Select the type of the hardware the device is assigned to, e.g.
         GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz
      5. The XSS executes.

    <tr class="even">
    <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
    <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
    </tr>

  2. Open Redirect vulnerability.
    An open redirect is possible via
    http://zenoss-url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[http://malicious-website.com]
    allowing an attacker to redirect a user to a malicious website.

Can CVE numbers please be assigned to these?

Tx.

– additional proof of concept vid. https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be
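
The two mitigations the report points to, as an added example that is not part of the original post and not Zenoss code: HTML-escape the device Title when the manufacturers row is rendered, and honor `came_from` only when it stays on the site. The trusted host, default landing path and function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from Zenoss source.
TRUSTED_HOSTS = {"zenoss.example.com:8080"}
DEFAULT_LANDING = "/zport/dmd"


def safe_came_from(came_from, trusted_hosts=TRUSTED_HOSTS, default=DEFAULT_LANDING):
    """Return came_from only if it stays on this site, otherwise the default."""
    if not came_from or came_from != came_from.strip():
        return default
    # Browsers treat "\" like "/" and silently drop tabs/newlines, so reject
    # such input outright instead of trying to normalise it.
    if "\\" in came_from or any(ord(c) < 0x20 or ord(c) == 0x7F for c in came_from):
        return default
    try:
        parts = urlsplit(came_from)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative URL: allow only http(s) to a host we serve.
        # Comparing the whole netloc also rejects "trusted@evil" userinfo tricks.
        if parts.scheme in ("http", "https") and parts.netloc.lower() in trusted_hosts:
            return came_from
        return default
    # Relative reference: must be a rooted path, never "//host".
    if came_from.startswith("/") and not came_from.startswith("//"):
        return came_from
    return default


def render_device_row(detail_href, title, hardware):
    """Build the manufacturers-page row with every dynamic value escaped."""
    return (
        '<tr class="even">'
        '<td class="tablevalues"><a href="{}">{}</a></td>'
        '<td class="tablevalues">{}</td>'
        "</tr>"
    ).format(html.escape(detail_href), html.escape(title), html.escape(hardware))


if __name__ == "__main__":
    print(safe_came_from("http://malicious-website.com"))
    print(render_device_row(
        "/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail",
        '<script>alert("XSS")</script>',
        "GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz",
    ))
```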