Vigil@nce: Solaris, Cross Site Scripting of SunMC
March 2009 by Vigil@nce
An attacker can carry out a Cross Site Scripting attack against Sun
Management Center.
– Gravity: 2/4
– Consequences: client access/rights
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 05/03/2009
IMPACTED PRODUCTS
– Sun Solaris
– Sun Trusted Solaris
DESCRIPTION OF THE VULNERABILITY
The Sun Management Center product offers a management web site.
The /prm/reports script of the Performance Reporting Module
displays information about performance.
However, this script displays the received "msg" parameter without
filtering it.
An attacker can therefore carry out a Cross Site Scripting attack
against Sun Management Center.
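The flaw described above, reduced to a minimal handler, next to its output-encoded form and a regression check for unencoded reflection. This is an added example, not Sun's code: the template, the function names and the probe string are assumptions, since the advisory does not show the /prm/reports source.

```python
import html
from urllib.parse import parse_qs, urlencode

# Assumed markup: the advisory does not show the real /prm/reports page.
TEMPLATE = '<div class="status" title="{attr}">{body}</div>'


def get_msg(query_string):
    """Return the first 'msg' value of a URL query string, or ''."""
    return parse_qs(query_string, keep_blank_values=True).get("msg", [""])[0]


def render_unsafe(query_string):
    """Pattern the advisory describes: 'msg' is copied into the page unfiltered."""
    msg = get_msg(query_string)
    return TEMPLATE.format(attr=msg, body=msg)


def render_safe(query_string):
    """Hardened form: HTML-encode 'msg' (& < > " ') before it reaches the page."""
    msg = html.escape(get_msg(query_string), quote=True)
    return TEMPLATE.format(attr=msg, body=msg)


def reflects_markup(render, probe='x"<i>probe</i>'):
    """Regression check: True if markup sent in 'msg' comes back unencoded."""
    page = render(urlencode({"msg": probe}))
    return probe in page


if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(name, "reflects markup:", reflects_markup(fn))
        print("  ", fn(urlencode({"msg": 'x"<i>probe</i>'})))
```

Encoding with quote=True covers both places the value lands in this template, the element text and the quoted title attribute.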
CHARACTERISTICS
– Identifiers: 247046, 6722485, BID-33999, VIGILANCE-VUL-8512
– Url: http://vigilance.fr/vulnerability/Solaris-Cross-Site-Scripting-of-SunMC-8512