Hi,
Several security issues were found in Zenoss monitoring system.
Proof of concept:
Create a device with the Title <script>alert("XSS")</script>
Navigate to the Infrastructure -> Manufacturers page.
Pick the name of the manufacturer of the device, e.g. Intel.
Select the type of the hardware the device is assigned to, e.g. GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz.
The XSS executes.
<tr class="even">
  <td class="tablevalues"><a href='/zport/dmd/Devices/Server/Linux/devices/localhost/devicedetail'><script>alert("xss")</script></a></td>
  <td class="tablevalues">GenuineIntel_ Intel(R) Core(TM) i7-2640M CPU _ 2.80GHz</td>
</tr>
Open redirect vulnerability.
An open redirect is possible via http://zenoss-url.com/:8080/zport/acl_users/cookieAuthHelper/login_form?came_from=[ http://malicious-website.com ] allowing an attacker to redirect a user to a malicious website.
Can CVE numbers please be assigned to these?
Tx.
– Additional proof of concept video: https://www.youtube.com/watch?v=wtmdsz24evo&feature=youtu.be
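
Added example, not part of the original report and not Zenoss code: the two server-side checks that address the issues above, written in Python. One restricts came_from to targets on the same host, the other HTML-escapes the device title before it is written into the Manufacturers table row. The function names, the fallback path /zport/dmd and the host zenoss.example:8080 are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit

DEFAULT_LANDING = "/zport/dmd"  # assumed fallback path, not taken from Zenoss


def safe_came_from(value, own_host, default=DEFAULT_LANDING):
    """Return value only if it stays on own_host; otherwise return default."""
    if not value:
        return default
    # Browsers treat "\" like "/" and drop tab/CR/LF, so reject them outright.
    if "\\" in value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return default
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept a path with exactly one leading slash,
        # so "//host" and "///host" cannot be read as scheme-relative URLs.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return default
    # Absolute URL: scheme must be http(s) and host:port must match exactly,
    # which also rejects "user@other-host" tricks and javascript: URLs.
    if parts.scheme in ("http", "https") and parts.netloc.lower() == own_host.lower():
        return value
    return default


def render_device_row(detail_path, title, product):
    """Build the table row from the report with every dynamic value escaped."""
    return (
        '<tr class="even">'
        '<td class="tablevalues"><a href="{}">{}</a></td>'
        '<td class="tablevalues">{}</td>'
        "</tr>"
    ).format(escape(detail_path, quote=True), escape(title), escape(product))
```
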