Title | Control iD RH iD v23.3.19.0 - Authenticated Stored Cross-Site Scripting in the "Name" field in the "/v2/#/add/department" function |
---|
Description | Control iD's RH iD product has a Cross-Site Scripting vulnerability stored in the "Name" field in the "/v2/#/add/department" function and is triggered in the "/v2/#/list/department" endpoint.
Product URL:
https://www.controlid.com.br/relogio-de-ponto/rhid/
https://rhid.com.br/
This vulnerability is authenticated.
Here is the PoC:
YouTube link:
https://youtu.be/4JOLhAuoizE
Please do not share the PoC link.
I am available to answer questions related to the vulnerability. |
---|
Source | https://www.controlid.com.br/relogio-de-ponto/rhid/ |
---|
User | Stux (ID 40142) |
---|
Submission | 18.04.2023 16:42 (1 Year ago) |
---|
Moderation | 28.04.2023 19:06 (10 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 227718 |
---|