जमा करें #115718: Control iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" functionजानकारी

शीर्षकControl iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" function
विवरणControl iD's RH iD product has a Cross-Site Scripiting vulnerability stored in the "Name" field in the "/v2/#/add/department" function and is triggered in the "/v2/#/list/department" endpoint. Product URL: https://www.controlid.com.br/relogio-de-ponto/rhid/ https://rhid.com.br/ This vulnerability is authenticated. Here is the PoC: Youtube link: https://youtu.be/4JOLhAuoizE Please do not share the PoC link. I am available to answer questions related to the vulnerability.
स्रोत⚠️ https://www.controlid.com.br/relogio-de-ponto/rhid/
उपयोगकर्ता
 Stux (UID 40142)
सबमिशन18/04/2023 04:42 PM (3 साल पहले)
संयम28/04/2023 07:06 PM (10 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि227718 [Control iD RHiD 23.3.19.0 /v2/#/add/department नाम क्रॉस साइट स्क्रिप्टिंग]
अंक20

Do you want to use VulDB in your project?

Use the official API to access entries easily!