SolusVM – Edit DNS Stored XSS Vulnerability (R911-0180)

Type: Stored XSS
Location: Remote
Impact: Low
Product: SolusVM
Website: http://www.solusvm.com
Vulnerable Version: 1.16.10
Fixed Version: 1.16.11
CVE: -
R911: 0180
Date: 2015-06-13
By: RACK911 Labs

[B]Product Description:

Solus Virtual Manager (SolusVM) is a powerful GUI based VPS management system with full OpenVZ, Linux KVM, Xen Paravirtualization and Xen HVM support. SolusVM allows you and your clients to manage a VPS cluster with security & ease.

[B]Vulnerability Description:

Due to user input not being sanitized, it is possible for a malicious user to embed HTML code within the Edit DNS feature (PowerDNS) that can then be turned into an XSS vulnerability.

[B]Impact:

We have deemed this vulnerability to be rated as LOW due to the fact that the DEFAULT settings have proper protection to reduce the risk of an admin level compromise.

[B]Vulnerable Version:

This vulnerability was tested against SolusVM 1.16.10 and is believed to exist in all versions prior to the fixed builds below.

[B]Fixed Version:

This vulnerability was patched in SolusVM 1.16.11.

[B]Vendor Contact Timeline:

2015-06-10: Vendor contacted via email.
2015-06-10: Vendor confirms vulnerability.
2015-06-11: Vendor issues updates to all builds.
2015-06-13: RACK911 Labs issues security advisory.