Submit #110406: iDSecure Stored Cross-Site Scripting in "Dispositivos>Adicionar" field "IP/DNS".Информация

TitleiDSecure Stored Cross-Site Scripting in "Dispositivos>Adicionar" field "IP/DNS".
DescriptionThe latest software version: https://www.controlid.com.br/controle-de-acesso/software/ Has a Stored Cross-Site Scripting vulnerability in the "IP/DNS" field under "Devices/Dispositivos" PoC: 1 - After installing the software, open it, it will open in: https://localhost:30443/ 2 - Go to "Devices/Dispositivos" then click "Add", then enter this payload in the IP/DNS field: "><img src=x onerror=alert()> 3 - Click "Save" and see that whenever you access the "Devices/Dispositivos" tab or https://localhost:30443/#/list_terminals, Stored Cross-Site Scripting will be activated.
Source⚠️ https://www.controlid.com.br/controle-de-acesso/software/
UserStux (ID 40142)
Submission05.04.2023 14:52 (1 Year ago)
Moderation14.04.2023 08:56 (9 days later)
Statusпринято
VulDB Entry225922

ПредыдущийОбзорДалее

Might our Artificial Intelligence support you?

Check our Alexa App!