Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Disclosed/CVE-2022-30519
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
30 lines (17 sloc)
1.63 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Cross-Site Scripting (XSS) | |
| # Detailed Description: | |
| Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data. | |
| # Exploit Author: Mohammed A.Siledar | |
| # Version: rlm.v14.2BL4 | |
| # Authentication Required: No | |
| # CVE : CVE-2022-30519 | |
| # Tested on: Windows 10 | |
| Impact: | |
| The impact of cross-site scripting vulnerabilities can vary from one web application to another. It ranges from session hijacking to credential theft and other security vulnerabilities. By exploiting a cross-site scripting vulnerability, an attacker can impersonate a legitimate user and take over their account. | |
| If the victim user has administrative privileges, it might lead to severe damage such as modifications in code or databases to further weaken the security of the web application, depending on the rights of the account and the web application. | |
| Here are some of the most common impacts of cross-site scripting attacks: | |
| 1. Account Hijacking | |
| 2. Credential Theft | |
| 3. Data Leakage | |
| # Poc code | |
| Note: Vulnerability has been fixed by upgrading version of software. |