0ozero0BAAE3180-B63B-4880-B2AF-1A3F30056C2BStored/Reflected XSS when add new domain
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.3%
#Description
there is an XSS vulnerability that malicious script is injected directly in list of domain
Proof of Concept
1//go to admin/domains/
2/ click add to add a new domain
3/ in name section add this payload "><img> and you can see payload executed
POC
https://drive.google.com/file/d/1wfKb3Ath3nI-KOL8VJVjK6hYDm2rpNeZ/view?usp=sharing
https://drive.google.com/file/d/1oFkYWuAwKlSXjCSC_IzTT46TVSe_UK4m/view?usp=sharing
Related
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:P/I:P/A:N
0.0004 Low
EPSS
Percentile
12.3%