You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A reflected cross-site scripting (XSS) vulnerability was found in AcuToWeb server/10.5.0.7577c8b. An attacker can exploit this vulnerability to inject malicious JS code into an HTML page, which is then executed by a webmaster or administrator whenaccessing a URL with a payload.
Details
The parameters are reflected in the script tag of the page, which we can pass; String to end the previous statement and insert malicious js code.
The vulnerability occurs because the portgw parameter is only escaped with double quotes and Angle brackets.
POC
http://ip:port/?portgw=80089948;%20alert(1)
Note
I contacted OpenText about this vulnerability back in January 2024, but they have not responded at all.
The text was updated successfully, but these errors were encountered:
Summary
A reflected cross-site scripting (XSS) vulnerability was found in AcuToWeb server/10.5.0.7577c8b. An attacker can exploit this vulnerability to inject malicious JS code into an HTML page, which is then executed by a webmaster or administrator whenaccessing a URL with a payload.
Details
The parameters are reflected in the script tag of the page, which we can pass; String to end the previous statement and insert malicious js code.
The vulnerability occurs because the portgw parameter is only escaped with double quotes and Angle brackets.
POC
http://ip:port/?portgw=80089948;%20alert(1)Note
I contacted OpenText about this vulnerability back in January 2024, but they have not responded at all.
The text was updated successfully, but these errors were encountered: