PT-2018-4559 · Skybox · Skybox Platform
Published 2018-01-12 · Updated 2018-01-24 · CVE-2015-9247
CVSS v2.0: 3.5 (Low)
Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Skybox Platform versions prior to 7.5.401
Description
Skybox Platform contains reflected cross-site scripting (XSS) vulnerabilities that can be exploited through the "soapenv:Body" element in requests to the /skyboxview/webservice/services/VersionRepositoryWebService endpoint, or via the status parameter in the "login.html" page.
Recommendations
For versions prior to 7.5.401, update to version 7.5.401 or later to resolve the issue. As a temporary workaround, consider restricting access to the /skyboxview/webservice/services/VersionRepositoryWebService endpoint and avoiding use of the status parameter in the login.html page until the update is applied.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Skybox Platform