Gửi #493653: Konica Minolta Web Connection bizhub C368 Cross Site Scriptingthông tin

tiêu đềKonica Minolta Web Connection bizhub C368 Cross Site Scripting
Mô tảA unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to a feature "Register MFP Unit Number" on top right. 2. Enter any IP and a model name in the text field, click on "OK>OK" 3. Now navigate to "Display MFP Information List" from the same option and edit the fields. 4. Enter the XSS payload (;"><h1 onmouseover=alert(1)>click</h1>) in "Model Name" input text and save. 5. It can be seen that the payload has been executed after saving.
Nguồn⚠️ https://drive.google.com/file/d/1A0JEnmnUGNjGsizRu99uz2ynqQ3v9ZKB/view
Người dùng
 Upasana (UID 12274)
Đệ trình02/02/2025 10:06 (cách đây 1 Năm)
Kiểm duyệt09/06/2025 07:47 (4 months later)
Trạng tháiđược chấp nhận
Mục VulDB311655 [Konica Minolta bizhub đến 20250202 Display MFP Information List Model Name Tập lệnh chéo trang]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!