Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAmal03-bitBABD73CA-6C80-4145-8C7D-33A883FE606B
HistoryAug 03, 2023 - 11:21 a.m.

Stored HTML injection

2023-08-0311:21:42
amal03-bit
www.huntr.dev
8
stored html injection
exploiting input fields
malicious code
web applications
user data
site integrity
prevention measures
hidden web threat
resource manipulation

0.0004 Low

EPSS

Percentile

14.0%

JSON

Description

Stored HTML Injection: A Hidden Web Threat. Learn how attackers exploit input fields to inject malicious code into web applications, jeopardizing user data and site integrity. Discover crucial prevention measures to safeguard against this insidious vulnerability.

#Step to reproduce

  1. Login to froxlor as admin
  2. Under the resource go to Hosting plans  and Add new plan  
  3. In the plan name field  add the HTML payload and save it  
  4. once after saving the plan we can see that  the payload is working

Proof of Concept

https://drive.google.com/file/d/1zAKGmVoxwmzXZbi6S4TZs9ZA3A7VhXxJ/view?usp=sharing

Related

cvelist 1
nvd 1
osv 2
veracode 1
github 1
cve 1
prion 1
cvelist
cvelist
CVE-2023-4829 Cross-site Scripting (XSS) - Stored in froxlor/froxlor
2023-10-13 12:24:05
nvd
nvd
CVE-2023-4829
2023-10-13 13:15:12
osv
osv
Cross-site Scripting (XSS) in froxlor/froxlor
2023-10-13 15:30:19
CVE-2023-4829
2023-10-13 13:15:12
veracode
veracode
Cross-site Scripting
2023-10-16 06:20:37
github
github
Cross-site Scripting (XSS) in froxlor/froxlor
2023-10-13 15:30:19
cve
cve
CVE-2023-4829
2023-10-13 13:15:12
prion
prion
Cross site scripting
2023-10-13 13:15:00

0.0004 Low

EPSS

Percentile

14.0%

JSON
Related for BABD73CA-6C80-4145-8C7D-33A883FE606B
cvelist1nvd1osv2veracode1github1cve1prion1