vendor:
https://github.com/slims/slims9_bulian/releases/tag/v9.5.2
by:
nu11secur1ty
N/A
CVSS
HIGH
Cross-Site Scripting (XSS)
CWE
Product Name: https://github.com/slims/slims9_bulian/releases/tag/v9.5.2
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2023
SLIMSV 9.5.2 – Cross-Site Scripting (XSS)
The value of manual insertion 'point 3' is copied into the HTML document as plain text between tags. The payload udz21<script>alert(1)</script>rk346 was submitted in manual insertion point 3. This input was echoed unmodified in the application's response. The attacker can trick the already logged-in user, to visit the exploit link that this attacker is created, and if this already logged-in user is not actually IT or admin, this will be the end of this system.