Packeteer PacketShaper and PolicyCenter web management interfaces suffer from cross site scripting vulnerabilities. Version 8.2.2 is susceptible.
3a473a89575ca2787873d351a8d7e0e9ca2a79431a64c5d52914570195cf78f9Packeteer Products File Listing XSS
Product:
Packeteer PacketShaper
https://www.packeteer.com/products/packetshaper/
Packeteer PolicyCenter
https://www.packeteer.com/products/packetshaper/policycenter.cfm
The web management interface of several Packeteer products contains a cross-site scripting vulnerability in the file listing function. Parameter FILELIST, specified in an arbitrary page request, is not sufficiently sanitized before it gets embedded in the HTML output of the Error Report page. (The parameter value is limited to 64 characters.)
Example:
https://(target)/whatever.htm?FILELIST=%3C/script%3E%3Cbody+onLoad=alert(%26quot%3BXSS%26quot%3B)%3E%3Cscript%3E
The vulnerability has been identified in version 8.2.2. However, other versions may be also affected.
Solution:
Do not stay logged into the Packeteer web management interface while browsing other web sites.
Found by:
nnposter
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed