# Faraday Edge Networks Reflected Cross Site Scripting Vulnerability - CVE-2021-27338

# Detail

When a web application cannot properly process or control the input a user supplies, unauthorized persons can cause the script code they choose to run on the vulnerable page. An XSS vulnerability occurs when client-side code embedded between HTML elements is executed in the user's browser. In a stored XSS attack, the input prepared by the attacker is stored on the system, and the vulnerability is triggered when the target visits that page. Through an XSS vulnerability, operations such as stealing session information, redirecting the user to another page and exposing them to phishing attacks can be performed.

# Solution Proposal

XSS attacks can be prevented by properly filtering (whitelisting) the inputs sent by users and encoding the generated output correctly.
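The following is an added illustration, not code from the advisory or from the vendor, of the two controls the solution proposal names: a whitelist check on the stored network name at input time, and HTML encoding of the value when it is rendered back into the page. The unsafe renderer is shown beside the hardened one so the difference is visible. The character policy, the function names, the table markup and the sample input are assumptions made for the example; Faraday Edge's real code base is not known here.

```python
import html
import re

# Constructed sample input for the demonstration (assumed, not taken from the advisory).
SAMPLE_INPUT = '<script>alert(1)</script>'

# Whitelist policy (assumed): letters, digits, space, dot, underscore and dash, 1-64 chars.
NETWORK_NAME_RE = re.compile(r'^[A-Za-z0-9 ._-]{1,64}$')


def is_valid_network_name(name: str) -> bool:
    """Input-side control: accept only characters a network label legitimately needs."""
    return bool(NETWORK_NAME_RE.fullmatch(name))


def create_network(name: str, store: list) -> bool:
    """Hypothetical server-side handler for the create page: reject before storing."""
    if not is_valid_network_name(name):
        return False
    store.append(name)
    return True


def render_network_row_unsafe(name: str) -> str:
    """The pattern the advisory describes: a stored value concatenated into HTML as-is,
    so markup in the name is interpreted by every later visitor's browser."""
    return f'<tr><td class="network-name">{name}</td></tr>'


def render_network_row(name: str) -> str:
    """Output-side control: HTML-encode the value so stored markup is displayed, not run.
    Applied on output, this protects even records that were stored before a whitelist existed."""
    safe = html.escape(name, quote=True)
    return f'<tr><td class="network-name">{safe}</td></tr>'


if __name__ == "__main__":
    networks = []
    print("accepted:", create_network(SAMPLE_INPUT, networks))   # False: blocked at input
    print("unsafe:  ", render_network_row_unsafe(SAMPLE_INPUT))  # script tag reaches the page
    print("encoded: ", render_network_row(SAMPLE_INPUT))         # &lt;script&gt;... shown as text
```

Both layers are applied because each covers a case the other misses: the whitelist keeps the stored data clean, while output encoding protects any page that renders names already in the database or values arriving through another path.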
# Vendor of Product

Faraday Networks

Faraday Edge 3.6 is affected. The fixed version is 3.7.

# Affected Component

When a network is created on the http://<example.com>/network/create/ page, the XSS payload is entered as the input, and anyone who opens the page later triggers the XSS.

# CVE Impact Other

Allows an attacker to execute arbitrary HTML and JavaScript code.

# Attack Vectors

To exploit the vulnerability, someone just needs to visit the page.

# Reference

https://www.faraday.net/products/faradayedge