# Faraday Edge Networks Reflected Cross Site Scripting Vulnerability - CVE-2021-27338
# Detail
When a web application does not properly process or validate the information supplied by the user,
unauthorized persons can make script code of their choosing run on the vulnerable page.
An XSS vulnerability occurs when client-side code embedded in the page's HTML is executed in the user's browser.
In a stored XSS attack, the input prepared by the attacker is stored on the system, and the XSS is triggered when the target visits the affected page.
An XSS vulnerability can be used to steal session information, redirect users to another page, and expose them to phishing attacks.
# Solution Proposal
XSS attacks can be prevented by properly filtering user-supplied input against a whitelist and by properly encoding the generated output.
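
An added example of the two controls named above (not code from Faraday Edge or from this advisory's author): input is checked against an allowlist when a network is created, and every stored value is HTML-encoded when it is rendered. The "network name" field, the allowlist pattern and the in-memory store are assumptions made for illustration.

```javascript
// Added illustration; not Faraday Edge code. Field name and rules are assumed.

// Allowlist: 1-63 chars, starts alphanumeric, then letters, digits, space, _ . -
const NAME_ALLOWLIST = /^[A-Za-z0-9][A-Za-z0-9 _.-]{0,62}$/;

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};

// Output encoding for HTML element content and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input filtering: reject anything outside the allowlist instead of "cleaning" it.
// NFKC folds look-alike forms (e.g. fullwidth '<') before the check.
function validateNetworkName(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not a string' };
  const name = input.normalize('NFKC').trim();
  if (!NAME_ALLOWLIST.test(name)) {
    return { ok: false, reason: 'disallowed characters or length' };
  }
  return { ok: true, name };
}

// Hypothetical store standing in for the application's database.
const networks = [];

function createNetwork(input) {
  const result = validateNetworkName(input);
  if (result.ok) networks.push(result.name);
  return result;
}

// Encode on every render, so records saved before the filter existed stay inert.
function renderNetworkList(names) {
  return '<ul>' + names.map((n) => `<li>${escapeHtml(n)}</li>`).join('') + '</ul>';
}

// Constructed sample inputs.
const legacyRecord = '<script>alert(1)</script>'; // stored before filtering existed
console.log(createNetwork('Branch-Office 01'));   // accepted
console.log(createNetwork(legacyRecord));         // rejected at input
console.log(renderNetworkList([...networks, legacyRecord])); // markup shown as text
```

The two layers are independent: the allowlist stops new payloads from being stored, while output encoding covers values that reached storage by any other path.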
# Vendor of Product
Faraday Networks
Faraday Edge 3.6 is affected. Fixed version is 3.7.
# Affected Component
The XSS payload is entered when a network is created on the http://<example.com>/network/create/ page, and anyone who opens the page afterwards triggers the XSS.
# CVE Impact Other
Allows an attacker to execute arbitrary HTML and JavaScript code.
# Attack Vectors
To exploit the vulnerability, someone just needs to visit the page.
# Reference
https://www.faraday.net/products/faradayedge