| 제목 | Control iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" function |
|---|
| 설명 | Control iD's RH iD product has a Cross-Site Scripiting vulnerability stored in the "Name" field in the "/v2/#/add/department" function and is triggered in the "/v2/#/list/department" endpoint.
Product URL:
https://www.controlid.com.br/relogio-de-ponto/rhid/
https://rhid.com.br/
This vulnerability is authenticated.
Here is the PoC:
Youtube link:
https://youtu.be/4JOLhAuoizE
Please do not share the PoC link.
I am available to answer questions related to the vulnerability. |
|---|
| 원천 | ⚠️ https://www.controlid.com.br/relogio-de-ponto/rhid/ |
|---|
| 사용자 | Stux (UID 40142) |
|---|
| 제출 | 2023. 04. 18. PM 04:42 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 04. 28. PM 07:06 (10 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 227718 [Control iD RHiD 23.3.19.0 /v2/#/add/department 이름 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|