Tags Cross-Site Scripting

VoIPmonitor: cross-site scripting via SIP messages

Description

Multiple Cross-Site Scripting vulnerabilities were observed in the VoIPmonitor WEB GUI. These vulnerabilities can be exploited by sending SIP messages towards hosts monitored by VoIPmonitor. During our tests, the following areas were affected:


Juniper VPN SSL: client-side cross-site scripting

Description

The Juniper VPN SSL system was found to be vulnerable to client-side cross-site scripting.

Impact

Exploitation of this vulnerability may allow hijacking of VPN SSL sessions. This usually involves a social engineering attack to convince a logged-in victim to click on an attacker-supplied URL. Such an attack would therefore typically be targeted rather than opportunistic.


Applicure dotDefender: stored cross-site scripting in admin interface

Published on Jun 1, 2010

An advisory by EnableSecurity.

Description

Applicure dotDefender is a Web Application Firewall that can be installed on Windows and Linux servers.

From their website (applicure.com):

“dotDefender is the market-leading software Web Application Firewall (WAF). dotDefender boasts enterprise-class security, advanced integration capabilities, easy maintenance and low total cost of ownership (TCO). dotDefender is the perfect choice for protecting your website and web applications today.”


Armorlogic Profense WAF: multiple vulnerabilities

An advisory by EnableSecurity. Trustwave published a joint advisory named TWSL2009-001.

Description

Armorlogic Profense is a Web Application Firewall and load balancing solution.

From their website (armorlogic.com):

“Protecting and securing websites and web applications can be a complicated business. Profense web application firewall simplifies protection with an affordable and easy to use, feature rich, solution that gives you full PCI DSS 1.1 and 1.2 section 6.6 compliance.”


OpenX: multiple vulnerabilities

An advisory by EnableSecurity in collaboration with Acunetix.

Description

OpenX is an online advertising web application written in PHP that supports popular sites such as TechCrunch, SUN Microsystems and Metacafe.

From their website (openx.org):

“OpenX is a free, open source ad server that manages the selling and delivery of your online advertising inventory. You can get OpenX as a hosted service or as downloaded software.”
