| 제목 | ControlID XSS Stored |
|---|
| 설명 | Stored XSS (Cross-Site Scripting) vulnerability was found in some ControlID models, this vulnerability allows remote authenticated privileged users to store XSS payloads via web interface.
Accessing the ControlID panel with the default credential, you can register a new user in the application.
Because the past value is placed directly in the body of the page, to perform the test, javascript code was passed as the user's name.
Because the application does not perform any filter on the past content, the code was inserted into the application and executed.
https://www.notion.so/ControlID-XSS-7ab891644a794103b582a59360f071a5 |
|---|
| 원천 | ⚠️ https://www.controlid.com.br/ |
|---|
| 사용자 | Leonardo Teodoro (UID 38554) |
|---|
| 제출 | 2023. 01. 09. PM 02:51 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 01. 09. PM 09:51 (7 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 217717 [Control iD Gerencia Web 1.30 Web Interface Nome 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 15 |
|---|