
CVE-2019-xxxx - XSS in HT2 Labs - Learning Locker

  • Vendor: HT2 Labs
  • Product: Learning Locker
  • Version: 3.15.1
  • CVE: CVE-2019-12834
  • CVSS3.0 Base Score: 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C)

Detailed Description of the Vulnerability

It is possible to inject malicious HTML and JS code into the DOM of the website via the URI parameter, that is, the path segment that follows /dashboards/:

http://<domain>/dashboards/<malicious_code>

PoC

http://example.com/dashboards/%3Ch1%3EDOM%20TEST
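
The following is an added example, not Learning Locker code and not part of the original advisory. It shows the general pattern behind this class of bug next to a hardened form, plus a simple log-side check. All function names are hypothetical, and it assumes the front end writes the decoded path segment into the page as markup, which the advisory does not detail.

```javascript
// Added illustration; not Learning Locker source code. All names are hypothetical.

// Extract and percent-decode the segment after /dashboards/ (null if absent or malformed).
function dashboardSegment(url) {
  const { pathname } = new URL(url);
  const match = /^\/dashboards\/([^/]*)/.exec(pathname);
  if (!match) return null;
  try {
    return decodeURIComponent(match[1]);
  } catch (err) {
    return null; // malformed percent-encoding
  }
}

// Escape the characters that are significant in HTML text and attribute contexts.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: decoded segment concatenated into markup
// (the kind of string that ends up assigned to innerHTML).
function renderUnsafe(url) {
  return `<div class="title">${dashboardSegment(url) || ''}</div>`;
}

// Hardened pattern: same template, segment escaped first.
// In a browser, assigning to textContent avoids HTML parsing altogether.
function renderSafe(url) {
  return `<div class="title">${escapeHtml(dashboardSegment(url) || '')}</div>`;
}

// Log-side check: does the decoded dashboard segment contain markup characters?
function looksLikeMarkup(url) {
  const seg = dashboardSegment(url);
  return seg !== null && /[<>]/.test(seg);
}

const poc = 'http://example.com/dashboards/%3Ch1%3EDOM%20TEST'; // PoC URL from the advisory
console.log(renderUnsafe(poc)); // markup reaches the page unescaped
console.log(renderSafe(poc));   // markup is rendered as inert text
console.log(looksLikeMarkup(poc));
```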

References

Timeline
