| Titel | Facile Cloud Apps Facile Sistemas N/A Cross Site Scripting |
|---|
| Beschreibung | Vendor: https://facilesistemas.com.br/blog/
In this case, there is no specific version for the service
PoC:
An error is displayed in the password reset functionality that can be handled via URL. By inserting a payload into the manipulable value, in the reterros parameter, it was possible to exploit XSS.
XSS:
https://portal.example.com.br/account/forgotpassword?reterros=%22%3E%3Cscript%3Ealert(9)%3C/script%3E |
|---|
| Benutzer | c4ng4c3ir0 (UID 38456) |
|---|
| Einreichung | 07.01.2025 14:05 (vor 1 Jahr) |
|---|
| Moderieren | 19.01.2025 20:47 (12 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 292596 [Facile Sistemas Cloud Apps bis 20250107 Password Reset /account/forgotpassword reterros Cross Site Scripting] |
|---|
| Punkte | 16 |
|---|