| tiêu đề | Cross-Frame Scripting (XFS) - NeoMind Fusion Platform |
|---|
| Mô tả | A XFS vulnerability was found at NeoMind Fusion Platform, when we requested the URI /fusion/portal/action/Link?link=<Link> we figured out that the link parameter was reflected at an iframe, without any kind of sanitization. It was necessary to be logged in the application.
Attack Vector:
It was possible to use this URL to send to any user that have access to this application.
Credits:
Lucas Silveira, Luigi Polidório, Red Team Softwall |
|---|
| Nguồn | ⚠️ https://l6x.notion.site/PoC-9f23bb9757374f82981de81604500d98?pvs=4 |
|---|
| Người dùng | LuigiSoftwall (UID 51872) |
|---|
| Đệ trình | 31/07/2023 18:34 (cách đây 3 những năm) |
|---|
| Kiểm duyệt | 25/08/2023 09:27 (25 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 238026 [NeoMind Fusion Platform đến 20230731 Link Liên kết Tập lệnh chéo trang] |
|---|
| điểm | 17 |
|---|