Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-19393 PoC — Rittal CMC PU III 跨站脚本漏洞

Source
https://github.com/miguelhamal/CVE-2019-19393
Associated Vulnerability
Title:Rittal CMC PU III 跨站脚本漏洞 (CVE-2019-19393)
Description:The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session.
Readme
# Rittal CMC PU III – Stored XSS PoC

**Application:** Rittal CMC PU III Web management

**Devices:** CMC PU III 7030.000

**Software Revision:** From V3.11.00_2 to V3.15.70_4

**Hardware Revision:** From V3.00 to V6.01

**Attack type:** Stored XSS

**Solution:** Update to Software Revision V3.17.10 or later

**Summary:** Web application fails to sanitize user input on system configurations page. This allows attacker
to backdoor the device with HTML and browser interpreted content (such as JS or other client-side scripts) as
the content is displayed always after and before login. Persistent XSS allows attacker to modify displayed
content or to change the victim's information. Successful exploitation requires access to the web management
interface either with valid credentials or hijacked session.

**Technical Description:** See CVE-2019-19393.pdf

**Timeline:**
   * 2019-11-11 Issues discovered
   * 2019-11-28 First contact with vendor via e-mail
   * 2020-03-02 Second contact with vendor via e-mail
   * 2020-03-02 Vendor response. XSS vulnerabilities were already detected, and would be patched in the next release
   * 2020-08-20 New Software Version release. V3.17.10   
   * 2020-09-28 Vulnerability patch confirmed
File Snapshot

 [4.0K]  /data/pocs/e64d2b8a48e6b396e033e097eb5bf69d7089401b
├── [1.4M]  CVE-2019-19393.pdf
└── [1.2K]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →