g-rubert/CVE-2020-9461

CVE-2020-9461

██╗  ██╗███████╗███████╗
╚██╗██╔╝██╔════╝██╔════╝
 ╚███╔╝ ███████╗███████╗
 ██╔██╗ ╚════██║╚════██║
██╔╝ ██╗███████║███████║
╚═╝  ╚═╝╚══════╝╚══════╝

Stored XSS - Oempro

Octeth Oempro 4.7 through 4.11 allows stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is vulnerable.

Command: Media.CreateFolder

Request parameter: FolderName

Version: Oempro v4.7 through v4.11

Researcher: Guilherme Rubert

Payload

<marquee/onstart=alert("XSS")>
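
The sketch below is an added defensive example, not code from Oempro or from this repository. It contrasts rendering a stored folder name as-is with rendering it HTML-encoded, and adds an allowlist check at creation time. The `create_folder` handler, the in-memory store, the `<li>` markup and the allowlist policy are assumptions made for illustration.

```python
import html
import re

# Constructed sample input: the payload string published on this page.
PAYLOAD = '<marquee/onstart=alert("XSS")>'

# Assumed policy: letters, digits, space, dot, dash and underscore, 1-64 chars.
FOLDER_NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")


def validate_folder_name(name: str) -> bool:
    """Input-side check: reject any name outside the allowlist."""
    return FOLDER_NAME_RE.fullmatch(name) is not None


def create_folder(store: list, name: str) -> bool:
    """Hypothetical handler: only validated names reach storage."""
    if not validate_folder_name(name):
        return False
    store.append(name)
    return True


def render_folder_unsafe(name: str) -> str:
    """Stored value interpolated into markup as-is (the stored-XSS pattern)."""
    return f'<li class="folder">{name}</li>'


def render_folder_safe(name: str) -> str:
    """Output-side fix: HTML-encode the stored value at render time."""
    return f'<li class="folder">{html.escape(name, quote=True)}</li>'


if __name__ == "__main__":
    folders = []
    print(create_folder(folders, "Newsletter images"))  # accepted
    print(create_folder(folders, PAYLOAD))               # rejected
    # Names stored before validation existed still need output encoding.
    print(render_folder_unsafe(PAYLOAD))
    print(render_folder_safe(PAYLOAD))
```

Output encoding is the control that matters for values already in storage; the allowlist only stops new ones from being written.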



References

https://guilhermerubert.com/blog/cve-2020-9461/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9461

https://nvd.nist.gov/vuln/detail/CVE-2020-9461

https://www.octeth.com/
