CVE-2023-47097
Description:
A security vulnerability has been identified in Server Templates under System Settings. The identified issue permits an attacker to exploit a stored Cross-Site Scripting (XSS) vulnerability. Through the injection of a malicious payload, the attacker gains the ability to execute arbitrary code.
RISK FACTOR: High
Affected Component – Template name
Procedure for reproducing the issue:
a. Access the System Settings interface, navigate to Server Templates, insert an XSS payload in the Template name field, and click the Create button.
b. After the server template is created, clicking the template name to open the template triggers the XSS payload.
The following tabs are affected; the XSS attack is triggered when a victim accesses them:
a. Create Virtual Server
b. Edit Virtual Server
c. Migrate Virtual Server under Add Servers tab
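
Added example (not part of the original advisory and not the affected product's code): a regression check showing why a template name that is stored once must be encoded at every view that renders it. The view markup, function names, name policy and probe string are assumptions constructed for illustration.

```python
import html
import re

# Hypothetical views that embed the stored template name. The keys mirror the
# tabs named in the advisory; the markup and render functions are assumptions.
VIEWS = {
    "Server Templates": '<a href="/templates/{id}">{name}</a>',
    "Create Virtual Server": '<option value="{id}">{name}</option>',
    "Edit Virtual Server": '<td class="tmpl">{name}</td>',
    "Migrate Virtual Server": '<input type="text" value="{name}" readonly>',
}

# Assumed input policy for template names (defence in depth, not the fix itself).
NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,64}")

def is_valid_name(name):
    return NAME_RE.fullmatch(name) is not None

def render_raw(view, tmpl_id, name):
    """Vulnerable form: the stored name goes into the HTML unchanged."""
    return VIEWS[view].format(id=tmpl_id, name=name)

def render_escaped(view, tmpl_id, name):
    """Hardened form: encode at every output sink; quote=True covers attributes."""
    return VIEWS[view].format(id=tmpl_id, name=html.escape(name, quote=True))

def unescaped_views(render, name):
    """List the views whose output differs from the correctly encoded rendering."""
    safe = html.escape(name, quote=True)
    return [v for v in VIEWS
            if render(v, 1, name) != VIEWS[v].format(id=1, name=safe)]

# Constructed, inert probe: it only shows whether markup survives rendering.
PROBE = 'web"><i id=probe>'

if __name__ == "__main__":
    print("raw:", unescaped_views(render_raw, PROBE))
    print("escaped:", unescaped_views(render_escaped, PROBE))
    print("accepted on input:", is_valid_name(PROBE))
```

Running the same check against each real view after a fix confirms that no tab still emits the stored name unencoded.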