HP Client Security Manager 8.3.4 Cross-Site Scripting Vulnerability


Vendor: HP Inc.
Product web page: http://www.hp.com
Affected version: 8.3.4.1811

Summary: HP Client Security Manager provides enhanced Windows
login and website single-sign-on capabilities. Security Manager
is also the host for HP Client Security plugins and should be
installed before other Client Security modules. This package is
provided for supported notebook models running a supported operating
system.

Desc: HP Client Security Manager is prone to XSS attacks because
of lacking sanitization of data from HTML forms. It makes any site
vulnerable even without XSS presence on the site.

Tested on: Microsoft Windows 7 Professional SP1 (EN)
           Microsoft Windows 7 Ultimate SP1 (EN)


Vulnerability discovered by Ewerson Guimaraes (Crash)


Advisory ID: ZSL-2016-5299
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5299.php


09.10.2015


--


Reproduction:

 When you make a login process in any site that the HP Client Security Manager intercepts
 and render the username mixed with the site.
 To trigger this vuln, just use some payload like <img src="lala.gif" onerror="alert(document.cookie)">
 in the username HTML form.
 For this reason any site can be exploited even without XSS presence directly in the site.