Submit #310642: iboss Seure Web Gateway < 10.2.0 Stored cross-site scripting (XSS)info

Titleiboss Seure Web Gateway < 10.2.0 Stored cross-site scripting (XSS)
DescriptionStored cross-site scripting (XSS) in the login interface of iboss's Secure Web Gateway on versions before 10.2.0 allows remote attackers to inject arbitrary JavaScript via the redirectUrl parameter. See link to detailed explanation and proof of concept.
Source⚠️ https://github.com/modrnProph3t/PoC/blob/main/iboss-stored-XSS.md
User
 Anonymous User
Submission04/04/2024 15:26 (1 Year ago)
Moderation04/05/2024 17:00 (1 day later)
StatusAccepted
VulDB Entry259501 [iboss Secure Web Gateway up to 10.1 Login Portal /login redirectUrl cross site scripting]
Points17

Do you want to use VulDB in your project?

Use the official API to access entries easily!