You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The Create Virtual Server functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed. Anyone who will be checking for creating virtual server here are affected by stored XSS vulnerability.
RISK FACTOR: High
Affected Component – Description field.
Procedure for reproducing the issue:
a. An Attacker can Access the Create Virtual Server interface then inserted and insert the XSS payload in the Description field and finally click on Create Server button.
b. Once attcker click on Create Server button, it starts setting up Virtual Server.
c. On returning to the Virtual Server Summary page, an XSS payload is triggered, and popup is seen.