Details of VAR-190001-0525

ID

VAR-190001-0525

TITLE

Cyclope Internet Filtering Proxy 'user' HTML Injection Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-4377 // BID: 50317

DESCRIPTION

The Cyclope Internet Filtering Proxy monitors the entire Internet traffic and blocks access to websites and files based on selected filtering criteria. The web-based management console lacks sufficient filtering for input and there is a cross-site scripting vulnerability. Whitelist and blacklist modes are affected by this vulnerability. Sending the malicious script code <user>USER</user><computer>COMPUTER</computer><ip>IP ADDY</ip>\\n to the default record port 8585 in the correct order, resulting in an XSS attack due to no filtering. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 0.81

sources: CNVD: CNVD-2011-4377 // BID: 50317

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2011-4377

AFFECTED PRODUCTS

vendor:	amplusnet group	model:	cyclope internet filtering proxy	scope:	-	version:	-	Trust: 0.6
vendor:	amplusnet	model:	cyclope internet filtering proxy	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2011-4377 // BID: 50317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201110-532

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201110-532

EXTERNAL IDS

db:	BID	id:	50317	Trust: 1.5
db:	CNVD	id:	CNVD-2011-4377	Trust: 0.6
db:	CNNVD	id:	CNNVD-201110-532	Trust: 0.6

sources: CNVD: CNVD-2011-4377 // BID: 50317 // CNNVD: CNNVD-201110-532

REFERENCES

url:	http://www.securityfocus.com/bid/50317	Trust: 1.2
url:	http://www.cyclope-series.com/download/index.aspx?p=2	Trust: 0.3

sources: CNVD: CNVD-2011-4377 // BID: 50317 // CNNVD: CNNVD-201110-532

CREDITS

loneferret

Trust: 0.9

sources: BID: 50317 // CNNVD: CNNVD-201110-532

SOURCES

db:	CNVD	id:	CNVD-2011-4377
db:	BID	id:	50317
db:	CNNVD	id:	CNNVD-201110-532

LAST UPDATE DATE

2022-05-17T01:47:41.312000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2011-4377	date:	2011-10-21T00:00:00
db:	BID	id:	50317	date:	2011-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201110-532	date:	2011-10-24T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2011-4377	date:	2011-10-21T00:00:00
db:	BID	id:	50317	date:	2011-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201110-532	date:	1900-01-01T00:00:00