Persistent Cross Site Scripting Vulnerabilities

XMLWordPrintable

    • Type: Defect (Security)
    • Resolution: Fixed
    • Priority: Blocker
    • 1.8.10, 1.9.9 (beta)
    • Affects Version/s: 1.8.5
    • Component/s: Frontend (F)
    • Environment:
      Debian GNU/Linux 5.0.8 (Lenny)
      Apache 2.2.16
      PHP 5.3.3

      Tested with:
      Mozilla Firefox 5.0

      These URL's are vulnerable to persistent XSS attacks due to improper sanitation of gname variable when creating user and host groups.

      URL:
      hostgroups.php
      usergrps.php

      Vulnerable parameter:
      gname

      Method:
      POST

      Injected:
      "</options><script>alert('XSS')</script>

      Persists in:
      http://test/zabbix/hostgroups.php
      http://test/zabbix/users.php
      http://test/zabbix/hosts.php?form=update&hostid=N (where N is a valid hostid)
      http://test/zabbix/scripts.php?form=1&scriptid=N (where N is a valid scriptid)
      http://test/zabbix/maintenance.php

        1. 1.png
          1.png
          91 kB
        2. 2.png
          2.png
          86 kB
        3. 3.png
          3.png
          94 kB
        4. 4.png
          4.png
          97 kB
        5. link_indicator.jpg
          link_indicator.jpg
          25 kB
        6. monitoring_dashboard.jpg
          monitoring_dashboard.jpg
          37 kB
        7. monitoring_maps.jpg
          monitoring_maps.jpg
          31 kB
        8. timeperiod.jpg
          timeperiod.jpg
          21 kB
        9. triggers_items.jpg
          triggers_items.jpg
          40 kB

            Assignee:
            Unassigned
            Reporter:
            Martina Matari
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: