提交 #631121: Portabilis i-diario 1.5.0 Cross Site Scripting (XSS) Reflected信息

标题Portabilis i-diario 1.5.0 Cross Site Scripting (XSS) Reflected
描述# Cross-Site Scripting (XSS) Reflected endpoint /registros-de-conteudos-por-areas-de-conhecimento/[ID] parameter 'Conteúdos' ### Summary A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `/registros-de-conteudos-por-areas-de-conhecimento/[ID]` endpoint of the i-diario application. This vulnerability allows attackers to inject malicious scripts in `'Conteúdos'` parameter. ### Details Vulnerable Endpoint: `/registros-de-conteudos-por-areas-de-conhecimento/[ID]` Parameter: `'Conteúdos'` The application fails to validate and sanitize user inputs in the `'Conteúdos'` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. ### PoC Payload `<script>alert('PoC-XXS3')</script>` ![[Pasted image 20250702161303.png]] ### Impact Reflected cross-site scripting (XSS) attacks can have serious consequences, including: - User actions: Attackers can perform any action the user can, such as viewing, modifying, or initiating interactions with other users - Data theft: Attackers can exfiltrate data or install malware on the user's machine - Account compromise: Attackers can manipulate or steal cookies, or compromise confidential information - Malicious code: Attackers can execute malicious code on the user's system - Business reputation damage: Attackers can deface a corporate website or spread misinformation - Misdirection: Attackers can change the instructions given to users, which can be dangerous if the target is a government website or provides vital resources
来源⚠️ https://github.com/marcelomulder/CVE/blob/main/i-diario/Reflected%20XSS%20endpoint%20.registros-de-conteudos-por-areas-de-conhecimento.(ID)%20parameter%20&#039;Conte%C3%BAdos&#039;.md
用户
 marceloQz (UID 87549)
提交2025-08-09 08時31分 (11 月前)
管理2025-08-20 12時54分 (11 days later)
状态重复
VulDB条目319314 [Portabilis i-Diario 直到 1.5.0 Registro das atividades registros-de-conteudos-por-areas-de-conhecimento Registro de atividades/Conteúdos 跨网站脚本]
积分0

上一步一览下一步

Do you need the next level of professionalism?

Upgrade your account now!