| 제목 | 合肥屏播网络科技有限公司 GotoHTTP 10.2 xss |
|---|
| 설명 | A reflected Cross-Site Scripting (XSS) vulnerability exists in the /reg.12x endpoint of the GotoHTTP remote control platform. The sn parameter in HTTP GET requests is improperly sanitized and directly echoed back to the client in the error message response without HTML encoding. An unauthenticated attacker can exploit this vulnerability by crafting a malicious URL containing arbitrary JavaScript code in the sn parameter. When a victim clicks the crafted link, the injected script executes in the victim's browser context, potentially leading to session hijacking, credential theft, arbitrary actions performed on behalf of the victim, or information disclosure.
Proof of Concept (PoC):
https://tohttp.com/reg.12x?c=1&sn=%3Cscript%3Ealert(%27xss%27)%3C/script%3E
The JavaScript code alert('xss') is executed in the victim's browser context when the crafted link is clicked. |
|---|
| 원천 | ⚠️ https://github.com/Qq1111111111/CVE/issues/1 |
|---|
| 사용자 | songmaoyang (UID 98606) |
|---|
| 제출 | 2026. 05. 29. AM 05:44 (1 월 ago) |
|---|
| 모더레이션 | 2026. 06. 28. AM 11:31 (1 month later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 374544 [GotoHTTP 까지 10.2 /reg.12x sn 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|