Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

Bugtraq ID:	26128
Class:	Input Validation Error
CVE:	CVE-2007-5190
Remote:	Yes
Local:	No
Published:	Oct 18 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Miguel Angel and Aguilar Bermejo are credited with the discovery of these vulnerabilities.
Vulnerable:	Alcatel-Lucent Omnivista 4760 0
Not Vulnerable:

Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

OmniVista 4760 is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

To exploit these issues, an attacker must entice an unsuspecting victim into following a malicious URI.

The following proof-of-concept URIs are available:

• /data/vulnerabilities/exploits/26128.html

Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

Solution:
The vendor released an advisory and fixes to address these issues. Please see the references for more information.

Alacate-Lucent OmniVista 4760 Multiple Cross Site Scripting Vulnerabilities

References:

• S21SEC-038-en: Alcatel Omnivista 4760 Cross-Site Scripting (S21sec Labs )
  
• Cross-site scripting vulnerabilities in OmniVista 4760 (Alcatel-Lucen)
  
• Omnivista 4760 Homepage (Omnivista)