Vendor: OPT/NET BV
Product: OPTOSS Next Gen Network Management System (NG-NetMS)
Version affected: NG-NetMS v3.6-2 and earlier versions
Opt/Net develops Next Gen Network Management System (NG-NetMS). This is a new web based end-to-end management tool. This project is nearly 14 years old and already proved to be indispensable tool for rapid data collection during audits and network infrastructure assessments.
This product provides near real-time visibility of the networks and ITC infrastructures and interconnected computing resources.
- CVE ID: CVE-2019-1000024
- CWE ID: CWE-79
#Proof of Concept
Multiple reflected cross-site scripting (XSS) vulnerabilities were discovered in the product.
The following Proof of Concept (PoC) demonstrates the attack as well as displaying evidence of the script payload being returned in the response.