Submit #110406: iDSecure Stored Cross-Site Scripting in "Dispositivos>Adicionar" field "IP/DNS"

Title: iDSecure Stored Cross-Site Scripting in "Dispositivos>Adicionar" field "IP/DNS".

Description: The latest software version (https://www.controlid.com.br/controle-de-acesso/software/) has a Stored Cross-Site Scripting vulnerability in the "IP/DNS" field under "Devices/Dispositivos".

PoC:
1 - After installing the software, open it; it will open at https://localhost:30443/
2 - Go to "Devices/Dispositivos", then click "Add", then enter this payload in the IP/DNS field: "><img src=x onerror=alert()>
3 - Click "Save" and see that whenever you access the "Devices/Dispositivos" tab or https://localhost:30443/#/list_terminals, Stored Cross-Site Scripting will be activated.

Source: https://www.controlid.com.br/controle-de-acesso/software/
User: Stux (UID 40142)
Submission: 05/04/2023 14:52 (3 years ago)
Moderation: 14/04/2023 08:56 (9 days later)
Status: Accepted
VulDB Entry: 225922 [Control iD iDSecure 4.7.29.1 Dispositivos Page IP-DNS cross site scripting]
Points: 20