提出 #493653: Konica Minolta Web Connection bizhub C368 Cross Site Scripting情報

タイトルKonica Minolta Web Connection bizhub C368 Cross Site Scripting
説明A unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to a feature "Register MFP Unit Number" on top right. 2. Enter any IP and a model name in the text field, click on "OK>OK" 3. Now navigate to "Display MFP Information List" from the same option and edit the fields. 4. Enter the XSS payload (;"><h1 onmouseover=alert(1)>click</h1>) in "Model Name" input text and save. 5. It can be seen that the payload has been executed after saving.
ソース⚠️ https://drive.google.com/file/d/1A0JEnmnUGNjGsizRu99uz2ynqQ3v9ZKB/view
ユーザー
 Upasana (UID 12274)
送信2025年02月02日 10:06 (1 年 ago)
モデレーション2025年06月09日 07:47 (4 months later)
ステータス承諾済み
VulDBエントリ311655 [Konica Minolta bizhub 迄 20250202 Display MFP Information List Model Name クロスサイトスクリプティング]
ポイント20

Interested in the pricing of exploits?

See the underground prices here!