Vendor: Network Tracker
By: G13
CVSS: 8.5 (HIGH)
Stored XSS
CWE: 79
Product Name: Network Tracker
Affected Version From: 0.95
Affected Version To: 0.95
Patch Exists: No
Related CWE: CVE-2011-3245
CPE: a:network_tracker:network_tracker:.95
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2011

Network Tracker .95 Stored XSS

The application contains an option that allows anyone to create a user. If this option is left enabled, an attacker could launch a stored XSS attack against the vulnerable application. Network Tracker does not escape data entered in the Description and Brand fields of a device. An attacker may enter <script>alert(100);</script> into these fields to trigger the vulnerability.

Mitigation:

Disable the ability to create users or filter the data entry for special characters.
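
One way to apply the filtering half of this mitigation together with output escaping, as an added example that is not Network Tracker's own code. The record layout, the function names and the sample device records are assumptions constructed for illustration.

```python
import html
import re

# Constructed sample records. Field names mirror the advisory's Description
# and Brand device fields; the storage layout itself is an assumption.
DEVICES = [
    {"id": 1, "brand": "Cisco", "description": "Core switch, rack 4 <primary>"},
    {"id": 2, "brand": "<script>alert(100);</script>", "description": "lab AP"},
    {"id": 3, "brand": "HP", "description": "printer & scanner"},
]

# Characters that change meaning inside HTML text or attribute values.
MARKUP = re.compile(r"[<>\"'&]")


def render_row_unsafe(dev):
    """Behaviour the advisory describes: stored values reach the page as-is."""
    return "<tr><td>{brand}</td><td>{description}</td></tr>".format(**dev)


def render_row(dev):
    """Hardened form: escape every stored value at output time."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(dev["brand"], quote=True),
        html.escape(dev["description"], quote=True),
    )


def validate_field(value, max_len=255):
    """Entry-time filter from the mitigation: reject special characters."""
    if len(value) > max_len or MARKUP.search(value):
        raise ValueError("special characters are not allowed in this field")
    return value.strip()


def audit_stored(devices):
    """List (id, field) pairs saved before the filter that still hold markup."""
    return [
        (d["id"], f)
        for d in devices
        for f in ("brand", "description")
        if MARKUP.search(d[f])
    ]


if __name__ == "__main__":
    for dev in DEVICES:
        print(render_row(dev))
    print("records needing review:", audit_stored(DEVICES))
```

Escaping at output protects rows that were stored before any entry filter was in place, which is why the audit and the renderer are shown alongside the filter.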

Exploit-DB raw data:

# Exploit Title: Network Tracker .95 Stored XSS
# Date: 08-18-2011
# Author: G13
# Software link: http://networktracker.org/
# Version: .95

ISSUE

The application contains an option which allows anyone to create a user. 
If this option is left enabled an attacker could launch a stored XSS 
attack against the vulnerable application.

Vulnerability:

Network Tracker does not escape the data entry on the Description and 
Brand fields of a device.  An attacker may enter 
<script>alert(100);</script> into these fields to cause the exploit.