提交 #493653: Konica Minolta Web Connection bizhub C368 Cross Site Scripting信息

标题Konica Minolta Web Connection bizhub C368 Cross Site Scripting
描述A unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to a feature "Register MFP Unit Number" on top right. 2. Enter any IP and a model name in the text field, click on "OK>OK" 3. Now navigate to "Display MFP Information List" from the same option and edit the fields. 4. Enter the XSS payload (;"><h1 onmouseover=alert(1)>click</h1>) in "Model Name" input text and save. 5. It can be seen that the payload has been executed after saving.
来源⚠️ https://drive.google.com/file/d/1A0JEnmnUGNjGsizRu99uz2ynqQ3v9ZKB/view
用户
 Upasana (UID 12274)
提交2025-02-02 10時06分 (1 年前)
管理2025-06-09 07時47分 (4 months later)
状态已接受
VulDB条目311655 [Konica Minolta bizhub 直到 20250202 Display MFP Information List Model Name 跨网站脚本]
积分20

Do you want to use VulDB in your project?

Use the official API to access entries easily!