2 matches found
NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability
Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...
NethServer 7.3.1611 - Cross-Site Request Forgery (Create User Enable SSH Access)
NethServer 7.3.1611 - Cross-Site Request Forgery Create User Enable SSH Access HTML Decoded PoC: history.pushState'', '', '/' input type="hidden" name="AccountUsercreategrou...