| عنوان | Facile Cloud Apps Facile Sistemas N/A Cross Site Scripting |
|---|
| الوصف | Vendor: https://facilesistemas.com.br/blog/
In this case, there is no specific version for the service
PoC:
An error is displayed in the password reset functionality that can be handled via URL. By inserting a payload into the manipulable value, in the reterros parameter, it was possible to exploit XSS.
XSS:
https://portal.example.com.br/account/forgotpassword?reterros=%22%3E%3Cscript%3Ealert(9)%3C/script%3E |
|---|
| المستخدم | c4ng4c3ir0 (UID 38456) |
|---|
| ارسال | 07/01/2025 02:05 PM (1 سنة منذ) |
|---|
| الاعتدال | 19/01/2025 08:47 PM (12 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 292596 [Facile Sistemas Cloud Apps حتى 20250107 Password Reset /account/forgotpassword reterros البرمجة عبر المواقع] |
|---|
| النقاط | 16 |
|---|