Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability

๐Ÿ—“๏ธย 12 May 2022ย 00:00:00Reported byย Tin PhamTypeย 
zdt
ย zdt
๐Ÿ”—ย 0day.today๐Ÿ‘ย 195ย Views

Related

| Reporter | Title | Published | Views | Family |
|---|---|---|---|---|
| Cvelist | CVE-2021-31673 | 1 May 2022 23:08 | - | cvelist |
| Exploit DB | Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS) | 11 May 2022 00:00 | - | exploitdb |
| CNVD | Cyclos 4 PRO Cross-Site Scripting Vulnerability | 7 May 2022 00:00 | - | cnvd |
| NVD | CVE-2021-31673 | 2 May 2022 00:15 | - | nvd |
| Prion | Cross site scripting | 2 May 2022 00:15 | - | prion |
| CVE | CVE-2021-31673 | 2 May 2022 00:15 | - | cve |
| Packet Storm | Cyclos 4.14.7 Cross Site Scripting | 11 May 2022 00:00 | - | packetstorm |

# Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
# Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services
# Vendor Homepage: https://www.cyclos.org/
# Version: Cyclos 4.14.7 (and prior)
# Tested on: Ubuntu
# CVE : CVE-2021-31673

# Description: 
A DOM-based cross-site scripting (XSS) vulnerability in the account registration page of Cyclos 4 PRO 4.14.7 and prior allows remote attackers to inject arbitrary web script or HTML via the 'groupId' parameter.

# Steps to reproduce: 
An attacker sends the following crafted URL to a victim:

[IP]/#users.users.public-registration!groupId=1%27%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

When the victim opens the URL, the XSS is triggered.
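
A defensive sketch of the fix class for this bug, as an added example that is not from the advisory or from Cyclos: parse the hash route and accept `groupId` only when it matches a strict numeric allowlist, before any of it reaches the DOM. The `&` parameter separator, the digits-only rule (inferred from `groupId=1` in the report) and the function names are assumptions.

```javascript
// Added example, not Cyclos code. Assumptions: the fragment has the shape
// "#<route>!<key>=<value>[&<key>=<value>...]" (the "&" separator is assumed),
// and a valid groupId is a short run of decimal digits, as in "groupId=1".

// Split a location.hash string into its route and percent-decoded parameters.
function parseHashRoute(hash) {
  const body = hash.startsWith('#') ? hash.slice(1) : hash;
  const bang = body.indexOf('!');
  const route = bang === -1 ? body : body.slice(0, bang);
  const params = new Map();
  if (bang === -1) return { route, params };
  for (const pair of body.slice(bang + 1).split('&')) {
    const eq = pair.indexOf('=');
    if (eq <= 0) continue; // empty key or no "=" at all
    let value;
    try {
      value = decodeURIComponent(pair.slice(eq + 1));
    } catch (e) {
      value = null; // malformed percent-encoding: treat as invalid
    }
    const key = pair.slice(0, eq);
    // A repeated key is ambiguous, so mark it invalid instead of picking one.
    params.set(key, params.has(key) ? null : value);
  }
  return { route, params };
}

// Return groupId as a number only when it passes the allowlist, else null.
function safeGroupId(hash) {
  const value = parseHashRoute(hash).params.get('groupId');
  if (typeof value !== 'string' || !/^[0-9]{1,15}$/.test(value)) return null;
  return Number(value);
}

// Constructed inputs: a benign fragment and the fragment from the report above.
const benign = '#users.users.public-registration!groupId=1';
const reported = '#users.users.public-registration!groupId=' +
  '1%27%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E';

console.log(safeGroupId(benign));   // 1
console.log(safeGroupId(reported)); // null
```

Because the fragment is never sent to the server, this check has to run in the client; a value that must be displayed should be written with `textContent` or `setAttribute`, not concatenated into an HTML string.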
