Dell SecureWorks Security Advisory SWRX-2012-002

Advisory Information

  • Title: Imperva SecureSphere persistent cross-site scripting vulnerability
  • Advisory ID: SWRX-2012-002
  • Date published: Tuesday, February 14, 2012
  • CVE: CVE-2011-4887
  • CVSS v2 base score: 4.3
  • Date of last update: Tuesday, February 14, 2012
  • Vendors contacted: Imperva
  • Release mode: Coordinated
  • Discovered by: Roger Wemyss, Dell SecureWorks


A vulnerability exists in Imperva SecureSphere due to improper sanitization of the "username" field in the Violations Table. Malicious content is not properly sanitized before being stored and is later returned to an administrator in dynamically generated web content. Remote attackers could leverage this vulnerability to conduct persistent cross-site scripting attacks. When a user navigates to the Violations page within the SecureSphere administrative GUI, the content of the "username" field is loaded into the affected JavaScript array and is executed in the user's browser session. Successful exploitation may aid an attacker in retrieving session cookies, stealing recently submitted data, or launching further attacks.
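
The following sketch is an added illustration, not Imperva code and not part of the original advisory. It shows how a stored "username" value concatenated into a JavaScript array literal alters the generated script, and how escaping for the JavaScript string context keeps it as data. All function names and the sample value are constructed for this example.

```javascript
// Added illustration; names and sample data are hypothetical, not from SecureSphere.

// Weak pattern: the stored value is concatenated directly into an array literal
// that the admin page later executes inside a <script> element.
function renderRowUnsafe(username) {
  return 'var violations = ["' + username + '"];';
}

// Hardened pattern: encode for the JavaScript string context. Every character
// outside a small allowlist becomes a \uXXXX escape, so quotes, backslashes,
// newlines and '<' (as in "</script>") can no longer end the literal or the
// enclosing script block. Matching is per UTF-16 code unit, so surrogate
// pairs are emitted as two valid \uXXXX escapes.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,@-]/g, function (ch) {
    return '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0');
  });
}

function renderRowSafe(username) {
  return 'var violations = ["' + jsStringEscape(username) + '"];';
}

// Evaluate a generated statement the way a browser would run the inline
// script, and return the resulting array.
function evaluate(script) {
  return new Function(script + ' return violations;')();
}

// Constructed, benign sample: a "username" containing a double quote.
var sample = 'alice", "extra';

function demo() {
  return {
    unsafeLength: evaluate(renderRowUnsafe(sample)).length, // value split the literal
    safeLength: evaluate(renderRowSafe(sample)).length,     // value stayed one string
    safeValue: evaluate(renderRowSafe(sample))[0]           // round-trips unchanged
  };
}

console.log(demo());
```

Encoding at output time complements input validation: the stored value may still contain unexpected characters, but it is treated as a string wherever it is written into script.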
