Here is an example of an arbitrary string:
The attack consists of the following steps:
- An attacker crafts a specific authenticated GET request to System Center containing an XSS payload and either tricks the victim into opening the special URL or lures the user to a phishing page that triggers that request.
- The authenticated victim loads or reloads the homepage.
Note: The attack applies to any viewID value and to every request that carries a SpaceID query-string parameter.
Implement strict input validation. Only integers are accepted as SpaceID, so a data-type check on the input is sufficient to remediate the vulnerability.
We have added a check to ensure that SpaceID is a supported value only (1001 or 1002); otherwise the data in the tree is empty.
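The following is an added illustration of the remediation described above, written as a stand-alone Python handler; it is not System Center code, and the URL, tree contents and function names are constructed for the example. It contrasts an unsafe "before" rendering that echoes the raw SpaceID into the page with the hardened version, which requires an integer, restricts it to the two supported values (1001 and 1002) and returns an empty tree for anything else, escaping any data it does emit.

```python
from html import escape
from urllib.parse import parse_qs, urlsplit

# Hypothetical tree data keyed by the two SpaceID values the advisory names as supported.
SUPPORTED_SPACE_IDS = {1001: ["Root", "Node A"], 1002: ["Root", "Node B"]}


def space_id_from_url(url):
    """Return the raw SpaceID query-string value (or None) from a request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("SpaceID")
    return values[0] if values else None


def validate_space_id(raw):
    """Strict validation as the advisory describes: the value must parse as an
    integer and must be one of the supported SpaceID values; otherwise None."""
    if raw is None:
        return None
    try:
        value = int(raw.strip())
    except (ValueError, AttributeError):
        # Non-numeric input (including anything carrying markup) is rejected.
        return None
    return value if value in SUPPORTED_SPACE_IDS else None


def render_tree_before(raw):
    """Unsafe 'before' rendering (constructed for contrast): the untrusted
    parameter is concatenated straight into the HTML, so any markup in it
    reaches the page unchanged."""
    return '<div id="tree" data-space="' + str(raw) + '">...</div>'


def render_tree_after(raw):
    """Hardened rendering: only a validated SpaceID reaches the page, the tree
    is empty for unsupported values, and emitted names are HTML-escaped."""
    space_id = validate_space_id(raw)
    if space_id is None:
        return '<div id="tree"></div>'
    items = "".join(f"<li>{escape(name)}</li>" for name in SUPPORTED_SPACE_IDS[space_id])
    return f'<div id="tree" data-space="{space_id}"><ul>{items}</ul></div>'


if __name__ == "__main__":
    # Constructed request URL; the hardened handler renders Node B for SpaceID=1002.
    raw = space_id_from_url("https://example.invalid/?viewID=3&SpaceID=1002")
    print(render_tree_after(raw))
```

The integer conversion alone already defeats markup in the parameter, as the advisory states; the allowlist check on top of it is the vendor's stricter choice, and escaping the tree contents is defence in depth against any other untrusted data that later ends up in that tree.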
Reflected Cross Site Scripting, Content Spoofing