Share
I. VULNERABILITY  
-------------------------  
XSS Vulnerability on Raritan CommandCenter Secure Gateway  
  
II. CVE REFERENCE  
-------------------------  
-  
  
III. VENDOR  
-------------------------  
https://www.raritan.com/support/product/commandcenter-secure-gateway  
  
IV. TIMELINE  
-------------------------  
30/01/2019 Vulnerability discovered  
30/01/2019 Vendor contacted  
27/02/2019 Raritan replied as "this fix is scheduled for release version 8.0"  
06/05/2019 Version 8.0 is released  
  
V. CREDIT  
-------------------------  
Okan Coşkun from Biznet Bilisim A.S.  
Alp Hısım from Biznet Bilisim A.S.  
  
VI. DESCRIPTION  
-------------------------  
Prior versions of Raritan CommandCenter Secure Gateway 8.0 affected  
from XSS vulnerability. A remote attacker could steal victims cookie  
or redirect victim to malicious site.  
  
VII. PROOF OF CONCEPT  
-------------------------  
Affected Component:  
Path(inurl): /access/MacroFileUploadServlet  
Affected parameter: macroFile  
  
MacroFileUpload of Raritan CC-SG affected from XSS vulnerability. A  
remote attacker could steal victims cookie or redirect victim to  
malicious site.