Lucene search
+L

Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS

🗓️ 05 Mar 2024 00:00:00Reported by Vincent McRae, Mesut CetinType 
exploitdb
 exploitdb
🔗 www.exploit-db.com👁 342 Views

Stored XSS in Solar-Log 200 3.6.0 web panel, CVE-2023-4634

Related
Code
ReporterTitlePublishedViews
Family
0day.today
Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019 - Stored XSS Vulnerability
5 Mar 202400:00
zdt
Circl
CVE-2023-46344
3 Jan 202420:40
circl
CNNVD
Solar-Log GmbH Cross-Site Scripting Vulnerability
2 Feb 202400:00
cnnvd
CVE
CVE-2023-46344
2 Feb 202400:00
cve
Cvelist
CVE-2023-46344
2 Feb 202400:00
cvelist
EUVD
EUVD-2023-50564
3 Oct 202520:07
euvd
ICS
Solar-Log Base 15
29 Oct 202406:00
ics
NVD
CVE-2023-46344
2 Feb 202402:15
nvd
OSV
CVE-2023-46344
2 Feb 202402:15
osv
Packet Storm
Solar-Log 200 PM+ 3.6.0 Cross Site Scripting
5 Mar 202400:00
packetstorm
Rows per page
# Exploit Title: Stored XSS in Solar-Log 200 3.6.0 web panel
# Date: 10-30-23
# Exploit Author: Vincent McRae, Mesut Cetin - Redteamer IT Security
# Vendor Homepage: https://www.solar-log.com/en/
# Version: Solar-Log 200 PM+ 3.6.0 Build 99 - 15.10.2019
# Tested on: Proprietary devices: https://www.solar-log.com/en/support/firmware/
# CVE: CVE-2023-46344

# POC:

1. Go to solar panel
2. Go to configuration -> Smart Energy -> "drag & drop" button.
3. Change "name" to: <xss onmouseenter="alert(document.cookie)"
style=display:block>test</xss>
4. Once you hover over "test", you get XSS -> if a higher privileged
user hovers over it, we can get their cookies.

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Mar 2024 00:00Current
5.6Medium risk
Vulners AI Score5.6
CVSS 3.15.4
EPSS0.00446
SSVC
342