PSG-6528VM-xss

Vendor: eten Technologies Inc. Product: PSG-6528VM Version: 1.1 Vulnerability: Cross-Site Scripting

Information

Cross-site Scripting vulnerability in PSG-6528VM This attack appear to be exploitable via payload onmouseover.

Attack Scenario: Stored Cross Site Scripting

Step 1. Login into PSG-6528VM.

Step 2: Go to system information configuration page.

Step 3: User can inject payload in "System Contact" & "System Location" field.

    payload:<img src=# onmouseover="alert('xss')">

Step 4: Then click on save

Step 5: when moving the mouse pointer onto an image then XSS Script will get execute.

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
README.md		README.md
eten_xss.png		eten_xss.png
xss_payload.png		xss_payload.png