Description
Version: 3.5.1
An authenticated malicious user can take advantage of a Stored XSS vulnerability in the "Create Site Groups" function of the "Organization" feature.
Proof of Concept
Step 1: Go to /dcim/site-groups/, click "Add" and insert the payload "<img src=1 onerror='alert(document.cookie)'/>" in the "Name" field.
Step 2: Go to /dcim/sites/, click "Add" and select "Group".
Step 3: The script is executed.
Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user.
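An added example, not code from the affected project: it assumes the "Group" dropdown builds each entry by concatenating the stored name into an HTML string, and shows that pattern beside an escaped version using the payload from Step 1. All function names and the sample records are constructed for illustration.

```javascript
// Added example; function names and sample data are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: the stored name is placed into markup as-is,
// so any tags it contains become part of the page.
function renderOptionUnsafe(group) {
  return `<li role="option" data-value="${group.id}">${group.name}</li>`;
}

// Hardened pattern: every stored field is encoded at the point of output.
function renderOptionSafe(group) {
  return `<li role="option" data-value="${escapeHtml(group.id)}">${escapeHtml(group.name)}</li>`;
}

function renderDropdown(groups, renderOption) {
  return `<ul role="listbox">${groups.map(renderOption).join('')}</ul>`;
}

// Audit helper: ids of stored records whose name contains HTML
// metacharacters, so existing entries can be reviewed after the fix.
function findSuspectGroups(groups) {
  return groups.filter((g) => escapeHtml(g.name) !== String(g.name)).map((g) => g.id);
}

// Constructed sample of what a site-group listing might return.
const sampleGroups = [
  { id: 1, name: 'EMEA' },
  { id: 2, name: "<img src=1 onerror='alert(document.cookie)'/>" },
];

console.log(renderDropdown(sampleGroups, renderOptionUnsafe)); // payload survives as a tag
console.log(renderDropdown(sampleGroups, renderOptionSafe));   // payload rendered as text
console.log(findSuspectGroups(sampleGroups));
```

In a DOM context the same effect is achieved by assigning the name through `textContent` rather than `innerHTML`.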