TeamsACS exclusively serves Mikrotik's TR069 ACS server
GNU Lesser General Public License v3.0
CVE-2024-22780 - Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter. #26
As per #25, I am publishing the security issue I found within your project, as there is no way to contact the maintainer of this repository.
[Description] Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter.
[Vulnerability Type] Cross Site Scripting (XSS)
[Vendor of Product] CA17
[Affected Product Code Base] https://github.com/CA17/TeamsACS - 1.0.1
[Affected Component] errmsg parameter in the /login endpoint
[Attack Type] Remote
[Impact Code execution] true
[Impact Information Disclosure] true
[Attack Vectors] To exploit the vulnerability the victim has to click on a specifically crafted URL (e.g. address:port/login?errmsg={ANY_HTML_TAG})
[Discoverer] @fuomag9
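As an added example (not code from TeamsACS or from the reporter), this Go sketch puts the flaw class described in the report next to a hardened form: a `/login` handler that reflects `errmsg` through `html/template`, so markup is escaped for the HTML context. The template, handler and helper names are hypothetical, and the probe string is constructed.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Hypothetical login page, not the project's real template.
// html/template escapes {{.ErrMsg}} for the HTML text context it sits in.
var loginTmpl = template.Must(template.New("login").Parse(
	`<form method="post" action="/login">` +
		`{{if .ErrMsg}}<p class="error">{{.ErrMsg}}</p>{{end}}` +
		`<input name="username"><input name="password" type="password"></form>`))

// renderUnsafe is the "before" pattern: errmsg is concatenated into HTML
// unchanged, so any tag in the query string becomes part of the page.
func renderUnsafe(errmsg string) string {
	return `<p class="error">` + errmsg + `</p>`
}

// loginHandler is the hardened form: contextual escaping via html/template,
// plus a Content-Security-Policy header as a second layer.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	msg := r.URL.Query().Get("errmsg")
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", "default-src 'self'")
	if err := loginTmpl.Execute(w, struct{ ErrMsg string }{msg}); err != nil {
		http.Error(w, "template error", http.StatusInternalServerError)
	}
}

// fetchLogin runs the handler in-process and returns the response body.
func fetchLogin(errmsg string) string {
	req := httptest.NewRequest(http.MethodGet, "/login?errmsg="+url.QueryEscape(errmsg), nil)
	rec := httptest.NewRecorder()
	loginHandler(rec, req)
	return rec.Body.String()
}

func main() {
	probe := "<b>constructed</b>" // harmless markup probe (constructed)
	fmt.Println("unsafe reflects raw tag:", strings.Contains(renderUnsafe(probe), "<b>"))
	fmt.Println("hardened reflects raw tag:", strings.Contains(fetchLogin(probe), "<b>"))
}
```

The same in-process check works as a regression test: request `/login` with a markup probe in `errmsg` and fail the build if the tag comes back unescaped.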