提交 #493666: Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery信息

标题Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery
描述A unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to "Box" option found on home page. 2. Click on "User Box List" and register a box. 3. It will show under "User Box list", there click on delete, it will ask for the confirmation, click "ok" and intercept the request then drop it after making csrf POC. 4. Now open the CSRF poc file and trigger the request, it can be seen that the Box has been deleted.
来源⚠️ https://drive.google.com/file/d/1pECiiSWdB_ERzzGrc--WY63IzZxR6i6L/view
用户
 Upasana (UID 12274)
提交2025-02-02 10時36分 (1 年前)
管理2025-06-09 07時47分 (4 months later)
状态已接受
VulDB条目311656 [Konica Minolta bizhub 直到 20250202 跨网站请求伪造]
积分20

Want to know what is going to be exploited?

We predict KEV entries!