hackerone notajax H1:1825942

U.S. Dept Of Defense: XSS on ( █████████.gov ) Via URL path

2023-01-08 06:35:55
notajax
hackerone.com
28

CVSS3: 6.1 Medium (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Attack Vector: NETWORK; Attack Complexity: LOW; Privileges Required: NONE; User Interaction: REQUIRED; Scope: CHANGED; Confidentiality Impact: LOW; Integrity Impact: LOW; Availability Impact: NONE

CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Access Vector: NETWORK; Access Complexity: MEDIUM; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: PARTIAL; Availability Impact: NONE

EPSS: 0.005 Low (Percentile 72.2%)

Hi team,
I was able to execute XSS on ███████.gov

Steps to reproduce:
1. Turn on the Burp interceptor.
2. Go to https://██████.gov/xapi/statements?file"><script>alert(document.domain)</script>
3. In the interceptor, add the following headers:

Authorization: Basic eGFwaS10b29sczp4YXBpLXRvb2xz
X-Experience-Api-Version: 1.0.1

4. When you send this GET request, you will receive a response with the XSS payload executed.

Impact

An attacker can send the malicious link to victims and steal victims' cookies, leading to account takeover.

System Host(s)

www.███.gov

Affected Product(s) and Version(s)

CVE Numbers

CVE-2021-41878

Steps to Reproduce

I have attached the Video POC, please check it out.

Suggested Mitigation/Remediation Actions

Sanitize the inputs in the URL.
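The following is an added example, not code from the report or from the affected site. It models the shape of sink the report describes (the request target reflected into an HTML error page) next to two hardened responses, and a triage check a reviewer would run on a capture. The endpoint path and the payload are the ones quoted in the report; the handler bodies, the "Unsupported request" message, and the helper names (escapeHtml, reflectsUnescaped, hardened*Response) are assumptions made for illustration.

```javascript
// Added example (not the report's or the site's code). Handler shape,
// error text and helper names are assumed; only the path and payload come
// from the report.

// Payload and request target as quoted in the report.
const PAYLOAD = '"><script>alert(document.domain)</script>';
const REPORTED_PATH = '/xapi/statements?file' + PAYLOAD;

// Vulnerable sink (assumed shape): the server builds an HTML error page and
// interpolates the raw request target into it, once inside a quoted href
// attribute and once as text. The leading `">` of the payload closes the
// attribute and the tag, after which <script> is parsed as markup.
function vulnerableResponse(rawUrl) {
  const body =
    '<html><body><h1>Bad request</h1>' +
    '<p>Unsupported request: <a href="' + rawUrl + '">' + rawUrl + '</a></p>' +
    '</body></html>';
  return { status: 400, headers: { 'Content-Type': 'text/html' }, body };
}

// Escape the characters that let text break out of an HTML text node or a
// quoted attribute value. Deliberately minimal; a templating engine with
// contextual auto-escaping is the production answer.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened variant 1: still an HTML page, but the untrusted value is only
// ever placed in a text node, and it is encoded for that context. It is
// not echoed into an href at all (encoding alone would not stop a
// javascript: URL there).
function hardenedHtmlResponse(rawUrl) {
  const body =
    '<html><body><h1>Bad request</h1>' +
    '<p>Unsupported request: ' + escapeHtml(rawUrl) + '</p>' +
    '</body></html>';
  return {
    status: 400,
    headers: { 'Content-Type': 'text/html; charset=utf-8' },
    body,
  };
}

// Hardened variant 2 (the natural fit for an API endpoint such as an xAPI
// statements resource): answer with JSON, not HTML, and forbid MIME
// sniffing. JSON.stringify escapes the quote; '<' survives in the body but
// is never parsed as markup because the browser treats the body as JSON.
function hardenedJsonResponse(rawUrl) {
  return {
    status: 400,
    headers: {
      'Content-Type': 'application/json; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: JSON.stringify({ error: 'Unsupported request', request: rawUrl }),
  };
}

// Triage check for a captured response: a reflected payload is only a
// browser-executable XSS when it comes back verbatim AND the response is
// served as HTML. Checking the body alone produces false positives on
// JSON or text/plain reflections.
function reflectsUnescaped(resp, payload) {
  const ct = (resp.headers['Content-Type'] || '').toLowerCase();
  return ct.startsWith('text/html') && resp.body.includes(payload);
}
```

Two practitioner notes on applying the check to this report. First, the JSON variant still contains the `<script>` text, yet `reflectsUnescaped` returns false for it; that is the intended behaviour, because content type, not the presence of angle brackets, decides whether the browser renders it. Second, the reproduction steps add an Authorization header and an X-Experience-Api-Version header in Burp; a victim's browser following a link does not attach custom headers, so part of triage is re-sending the request without them and confirming the reflecting response still comes back before accepting the account-takeover impact as stated.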
