| Field | Value |
|---|---|
| Title | iodasweb iodas v7.2-LTS.4.1-JDK7, v7.2-RC3.2-JDK7 Cross Site Scripting |
| Description | Reflected XSS (full write-up below) |
| Source | https://github.com/lam-sec/iodasweb-poc |
| User | lamouchi (UID 84095) |
| Submitted | 2025-04-22 05:54 PM (12 months ago) |
| Moderation | 2025-05-09 04:44 PM (17 days later) |
| Status | Accepted |
| VulDB entry | 308232 [Inetum IODAS 7.2-LTS.4.1-JDK7/7.2-RC3.2-JDK7 /astre/iodasweb/app.jsp action cross site scripting] |
| Points | 20 |

**Description**

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in multiple versions of the IodasWeb application.

Severity: Medium

**Confirmed Affected Versions**

- v7.2-LTS.4.1-JDK7
- v7.2-RC3.2-JDK7

**Payload**

`https://WEBSITE.COM/astre/iodasweb/app.jsp?action=<img src=x onerror=alert(1)>`

**Impact**

The vulnerability results from insufficient input validation and improper output encoding of the `action` parameter of `/astre/iodasweb/app.jsp`, leading to Reflected Cross-Site Scripting (XSS). An attacker can craft a malicious URL containing JavaScript, which is reflected in the application's response and executed in the victim's browser.

**Potential Consequences**

- Actions performed on behalf of authenticated users
- Theft of session tokens
- UI defacement
- Redirection to malicious websites
- Social engineering/phishing attacks
- Unauthorized access to user accounts

This significantly undermines user trust and can lead to data compromise if exploited.

**Recommendation**

It is recommended to:

- Sanitize and properly encode all user-supplied input.
- Implement a Content Security Policy (CSP).
- Consider enabling the HttpOnly and Secure flags on cookies.
- Review the WAF settings and behavior across all application versions.
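As an added defender-side example (not part of the submission or the linked PoC repository), the following Python check scans web-server access logs for requests to the affected endpoint whose decoded `action` parameter carries HTML markup or an inline event handler, the pattern the payload above relies on. The log lines and IP addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [22/Apr/2025:17:54:01 +0200] "GET /astre/iodasweb/app.jsp?action=login HTTP/1.1" 200 1532
10.0.0.9 - - [22/Apr/2025:17:54:07 +0200] "GET /astre/iodasweb/app.jsp?action=%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 1610
10.0.0.7 - - [22/Apr/2025:17:55:12 +0200] "GET /astre/iodasweb/other.jsp?action=%3Cb%3Ehi%3C/b%3E HTTP/1.1" 200 900
"""

# Request line inside the quoted part of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Tag openers, inline event handlers (on...=) or javascript: URLs in a decoded value.
XSS_MARKERS = re.compile(r"<\s*[a-zA-Z/!]|\bon[a-z]+\s*=|javascript:", re.IGNORECASE)


def flag_reflected_xss_attempts(log_text, path="/astre/iodasweb/app.jsp", param="action"):
    """Return (client_ip, decoded_value) for every request to `path` whose
    `param` contains HTML markup or an event handler after URL decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != path:
            continue
        # parse_qs decodes once; decode twice more so an extra layer of
        # percent-encoding does not hide the payload from the pattern.
        for value in parse_qs(url.query).get(param, []):
            decoded = unquote(unquote(value))
            if XSS_MARKERS.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for ip, value in flag_reflected_xss_attempts(SAMPLE_LOG):
        print(f"suspicious {param_name!r} value from {ip}: {value!r}" if False else f"suspicious action= from {ip}: {value!r}")
```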