Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrCupc4k32C3489F7-6B84-48F8-9368-9CEA67CF373D
HistoryFeb 15, 2023 - 11:07 p.m.

HTML injection leads to Open Redirect

2023-02-1523:07:14
cupc4k3
www.huntr.dev
6
html injection
open redirect
administrator login

0.002 Low

EPSS

Percentile

56.3%

JSON

Description

Hello, I have located an html injection in the symbol field:

Steps :
1 - log in as administrator
2 - Go to Options
3 - Go to Currencies
4 - Insert the html code in the symbol field and by inserting the following payload i was able to redirect the user to a malicious site. <a href=“http://evil.com”>CLICK ME</a>

Proof of Concept

Alt Text

Related

cvelist 1
nvd 1
github 1
osv 2
cve 1
prion 1
veracode 1
cvelist
cvelist
CVE-2023-1789 Improper Input Validation in firefly-iii/firefly-iii
2023-04-01 00:00:00
nvd
nvd
CVE-2023-1789
2023-04-01 02:15:07
github
github
Firefly III vulnerable to improper input validation
2023-04-01 03:30:16
osv
osv
CVE-2023-1789
2023-04-01 02:15:07
Firefly III vulnerable to improper input validation
2023-04-01 03:30:16
cve
cve
CVE-2023-1789
2023-04-01 02:15:07
prion
prion
Input validation
2023-04-01 02:15:00
veracode
veracode
Cross Site Scripting (XSS)
2023-04-17 12:46:59

0.002 Low

EPSS

Percentile

56.3%

JSON
Related for 2C3489F7-6B84-48F8-9368-9CEA67CF373D
cvelist1nvd1github1osv2cve1prion1veracode1