제출 #115718: Control iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" function정보

제목Control iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" function
설명Control iD's RH iD product has a Cross-Site Scripiting vulnerability stored in the "Name" field in the "/v2/#/add/department" function and is triggered in the "/v2/#/list/department" endpoint. Product URL: https://www.controlid.com.br/relogio-de-ponto/rhid/ https://rhid.com.br/ This vulnerability is authenticated. Here is the PoC: Youtube link: https://youtu.be/4JOLhAuoizE Please do not share the PoC link. I am available to answer questions related to the vulnerability.
원천⚠️ https://www.controlid.com.br/relogio-de-ponto/rhid/
사용자
 Stux (UID 40142)
제출2023. 04. 18. PM 04:42 (3 연령 ago)
모더레이션2023. 04. 28. PM 07:06 (10 days later)
상태수락
VulDB 항목227718 [Control iD RHiD 23.3.19.0 /v2/#/add/department 이름 크로스 사이트 스크립팅]
포인트들20

Might our Artificial Intelligence support you?

Check our Alexa App!