CVE-2018-19768
Description
Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "SubPagePackages.jsp" has reflected XSS via the ConnPoolName and GroupId parameters.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS in InfoVista VistaPortal SE 5.1 via ConnPoolName and GroupId parameters in SubPagePackages.jsp allows arbitrary script injection.
Vulnerability
InfoVista VistaPortal SE Version 5.1 (build 51029) contains a reflected cross-site scripting (XSS) vulnerability in the SubPagePackages.jsp page. The ConnPoolName and GroupId parameters are not properly sanitized before being echoed back in the response, allowing an attacker to inject arbitrary HTML or JavaScript. [1]
Exploitation
An attacker can craft a malicious URL containing XSS payloads in the ConnPoolName or GroupId parameters and trick a logged-in user into clicking it. The attacker needs no account of their own; the attack relies on the victim's existing session, so the victim must be authenticated to the application for the injected script to execute within their session context. [1]
Impact
Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session within VistaPortal SE. This can lead to session hijacking, defacement, or redirection to malicious sites, potentially compromising sensitive data accessible through the victim's session. [1]
Mitigation
As of the publication date (December 17, 2018), no official patch or updated version has been disclosed by the vendor in available references. Input validation and output encoding for the ConnPoolName and GroupId parameters should be implemented as a workaround. The application may be end-of-life or unmaintained; organizations should verify vendor support status. [1]
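An added example (not code from the advisory or from InfoVista) of the workaround named above: an allowlist check on ConnPoolName and GroupId that could run in a reverse proxy in front of the application or over access-log request lines, plus HTML output encoding. The allowlist pattern, the /VistaPortal/ context path and the function names are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

TARGET_PAGE = "subpagepackages.jsp"           # compared case-insensitively
WATCHED_PARAMS = ("ConnPoolName", "GroupId")  # the two reflected parameters
# Assumption: legitimate values are short identifiers; tune to your deployment.
ALLOWED_VALUE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def rejected_params(request_target):
    """Return (name, decoded value) pairs that fail the allowlist.

    Only the query string is inspected; a POST body needs the same check.
    """
    parts = urlsplit(request_target)
    # Drop path parameters such as ";jsessionid=..." before matching the page.
    page = parts.path.split(";", 1)[0].lower()
    if not page.endswith("/" + TARGET_PAGE):
        return []
    query = parse_qs(parts.query)  # percent-decodes each value exactly once
    return [
        (name, value)
        for name in WATCHED_PARAMS
        for value in query.get(name, [])  # every occurrence, not just the first
        if not ALLOWED_VALUE.fullmatch(value)
    ]


def encode_for_html(value):
    """Output encoding for a value written into HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


# Constructed sample requests; the /VistaPortal/ context path is assumed.
SAMPLES = [
    "/VistaPortal/SubPagePackages.jsp?ConnPoolName=pool_1&GroupId=42",
    "/VistaPortal/SubPagePackages.jsp?ConnPoolName=%3Cscript%3Ealert(1)%3C/script%3E&GroupId=42",
    "/VistaPortal/subpagepackages.jsp;jsessionid=ABC?GroupId=%2522%253E",
    "/VistaPortal/Other.jsp?ConnPoolName=%3Cb%3E",
]

if __name__ == "__main__":
    for target in SAMPLES:
        bad = rejected_params(target)
        safe = [(name, encode_for_html(value)) for name, value in bad]
        print("BLOCK" if bad else "allow", target, safe)
```

Because the check is an allowlist rather than a pattern match on known payloads, a double-encoded value is rejected as well: after one round of decoding it still contains `%`.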
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 5.1 (build 51029)
Patches
No patches discovered yet.
References
- packetstormsecurity.com/files/150690/VistaPortal-SE-5.1-Cross-Site-Scripting.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2018/Dec/20 (mitre, mailing-list, x_refsource_FULLDISC)