Title | iDSecure Stored Cross-Site Scripting in "Dispositivos>Adicionar" field "IP/DNS". |
---|
Description | The latest software version (https://www.controlid.com.br/controle-de-acesso/software/) has a Stored Cross-Site Scripting vulnerability in the "IP/DNS" field under "Devices/Dispositivos".
PoC:
1 - After installing the software, open it; it will open at:
https://localhost:30443/
2 - Go to "Devices/Dispositivos" then click "Add", then enter this payload in the IP/DNS field:
"><img src=x onerror=alert()>
3 - Click "Save" and see that whenever you access the "Devices/Dispositivos" tab or https://localhost:30443/#/list_terminals, Stored Cross-Site Scripting will be activated. |
---|
Source | https://www.controlid.com.br/controle-de-acesso/software/ |
---|
User | Stux (ID 40142) |
---|
Submission | 05.04.2023 14:52 (1 Year ago) |
---|
Moderation | 14.04.2023 08:56 (9 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 225922 |
---|
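
The two controls that address the stored IP/DNS value described in the PoC, as an added example that is not part of the original submission and is not iDSecure's code: allow-list validation when the device is saved, and HTML encoding when the list is rendered. All function names are hypothetical, and rendering the value into an HTML attribute is an assumption about the page, not something the submission states.

```javascript
// Added example: names below are hypothetical, not taken from iDSecure.
// Constructed sample input: the value entered in step 2 of the PoC.
const POC_VALUE = '"><img src=x onerror=alert()>';

// Allow-list for an "IP/DNS" field: dotted IPv4 or an RFC 1123 hostname.
// IPv6 is left out to keep the example short.
function isValidIpOrDns(value) {
  if (typeof value !== 'string' || value.length === 0 || value.length > 253) return false;
  const parts = value.split('.');
  if (parts.length === 4 && parts.every((p) => /^\d{1,3}$/.test(p))) {
    return parts.every((p) => Number(p) <= 255);
  }
  // Labels: 1-63 chars, letters/digits/hyphen, no leading or trailing hyphen.
  const label = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
  return parts.every((p) => label.test(p));
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for insertion into HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: the stored value is concatenated into markup as-is
// (assumed attribute context).
function renderRowUnsafe(device) {
  return '<td><input value="' + device.host + '"></td>';
}

// Hardened: same markup, value encoded before insertion.
function renderRowSafe(device) {
  return '<td><input value="' + escapeHtml(device.host) + '"></td>';
}

// Save handler: reject anything that is not an address or hostname.
function saveDevice(store, device) {
  if (!isValidIpOrDns(device.host)) return { ok: false, error: 'invalid IP/DNS' };
  store.push({ host: device.host });
  return { ok: true };
}
```

Validation at save time and encoding at render time are independent controls; encoding is the one that also neutralises values already stored before validation was added.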