CVE-2020-21731
⬤ Vulnerability Type:
Cross Site Scripting (XSS)
⬤ Affected Component:
http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update
⬤ Attack Type: Remote
⬤ Impact Code execution: true
⬤ Attack Vectors:
The user profile surname and name fields are vulnerable to XSS. An
attacker can inject JavaScript code into these fields, and the web
application stores the injected code.
⬤ Reference:
http://gazie.com http://gazie.devincentiis.it/
⬤ Vendor of Product:
http://gazie.devincentiis.it/
⬤ Affected Product Code Base:
Gazie 7.29
⬤ Suggested description:
Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update.
An attacker can inject JavaScript code, and the web application stores the injected code.
sub.zer0d4y@gmail.com
Use CVE-2020-21731 for this vulnerability.
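
The stored-XSS pattern described under "Attack Vectors", shown next to a hardened form. This is an added example, not code from the advisory or from Gazie: the function names, the field array and the sample values are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a profile row as it might come back from storage after
// markup was saved into the name field. Not taken from Gazie.
$stored = [
    'name'    => 'Mario"><script>/* constructed marker */</script>',
    'surname' => "D'Angelo",
];

// Vulnerable pattern: the stored value is concatenated into the edit form
// unescaped, so it can close the attribute and add its own markup.
function render_field_unsafe(string $field, string $value): string
{
    return '<input type="text" name="' . $field . '" value="' . $value . '">';
}

// Hardened: encode at output time. ENT_QUOTES covers both quote styles so the
// value cannot leave the attribute; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_field_safe(string $field, string $value): string
{
    return '<input type="text" name="' . e($field) . '" value="' . e($value) . '">';
}

// Defence in depth on write (assumed policy): letters, combining marks,
// spaces, dots, apostrophes and hyphens only, at most 50 characters.
function is_valid_person_name(string $value): bool
{
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'-]{0,49}$/u', $value) === 1;
}

foreach ($stored as $field => $value) {
    printf(
        "%s\n  accepted on write: %s\n  unsafe: %s\n  safe:   %s\n",
        $field,
        is_valid_person_name($value) ? 'yes' : 'no',
        render_field_unsafe($field, $value),
        render_field_safe($field, $value)
    );
}
```

Output encoding is the control that closes the issue; the write-time check only narrows what can be stored and should not replace it.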