These bugs allow remote attackers to inject malicious script code on the application side (persistent). The first vulnerability is located in the user remote password and pre-shared secret input fields and the user account output listing. The second vulnerability is located in the VPN Certificate emailAddress and subject fields and affects the VPN Details Listing section. Successful exploitation of the vulnerability can lead to session hijacking (manager/admin), persistent phishing, and stable (persistent) context manipulation in vulnerable modules or bound application sections. Exploitation requires low user interaction and a privileged application account.
Proof of Concept:
The persistent input validation vulnerabilities can be exploited by remote attackers with a privileged user account and low required user interaction. For demonstration or reproduce ...
To bypass the invalid argument filter exception, use an onload iframe to request your external content with cookies. Standard frames and script tags with double quotes will be blocked by the invalid argument exception and validation. To verify the bypass, also try the wrong standard strings against the invalid argument validation.
Locations: remotePW_hidden, identity, form input desc, fullName, Pre-shared Secret, & emailAddress
Good Example Bypass String: "><x src=http://www.vuln-lab.com onload=alert("GTA") < or "><x src=http://www.vuln-lab.com onload=alert(document.cookie) <
Wrong Example Bypass String: >"<iframe src=http://google.com> or <script>alert("TEST")</script>
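
The filter behaviour described above shows why rejecting known tag names on input does not stop stored script injection, while encoding the stored value when it is written into the listing does. The following is an added example, not code from the advisory or the vendor: the `DENYLIST` pattern is a hypothetical stand-in for a tag-name filter, and the test strings are the ones printed in this advisory.

```python
import html
import re

# Hypothetical stand-in for a tag-name denylist (an assumption, not the
# product's real filter): rejects input containing <script, <iframe or <frame.
DENYLIST = re.compile(r"<\s*(script|iframe|frame)\b", re.IGNORECASE)

# Test strings copied from the advisory text.
ADVISORY_STRINGS = {
    "good_1": '"><x src=http://www.vuln-lab.com onload=alert("GTA") <',
    "good_2": '"><x src=http://www.vuln-lab.com onload=alert(document.cookie) <',
    "wrong_1": '>"<iframe src=http://google.com>',
    "wrong_2": '<script>alert("TEST")</script>',
}


def denylist_accepts(value):
    """True when the input-side denylist would let the value be stored."""
    return DENYLIST.search(value) is None


def encode_for_html(value):
    """Output-side fix: escape & < > " ' before writing into HTML."""
    return html.escape(value, quote=True)


def is_inert(encoded):
    """True when no character that can close an attribute or open a tag remains."""
    return not any(ch in encoded for ch in "<>\"'")


def audit(strings=ADVISORY_STRINGS):
    """Compare input filtering with output encoding for each string."""
    report = {}
    for name, value in strings.items():
        encoded = encode_for_html(value)
        report[name] = {
            "denylist_accepts": denylist_accepts(value),
            "encoded": encoded,
            "inert_after_encoding": is_inert(encoded),
        }
    return report


if __name__ == "__main__":
    for name, row in audit().items():
        print(name, row["denylist_accepts"], row["inert_after_encoding"])
        print("   ", row["encoded"])
```

Applied at the points where the listed fields (remotePW_hidden, identity, desc, fullName, Pre-shared Secret, emailAddress) are rendered, the encoding step makes every string inert regardless of whether the input filter accepted it.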