Hebing123 / cve


MyONTV admin 2024 has a reflective XSS vulnerability #15

Open Hebing123 opened 10 months ago

Hebing123 commented 10 months ago

Summary

MyONTV admin has a reflective cross-site scripting vulnerability.

Details

MyONTV-Admin has a reflection cross-site attack vulnerability caused by signup.php directly referencing the "thanks" parameter without filtering.

Proof of Concept (POC)

http://ip:port/signup.php?thanks=%22%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E

Impact

If a user or administrator accesses the malicious URL, the cookie may be obtained by an attacker.
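The pattern named under Details, next to an output-encoded version, as an added example that is not MyONTV's code or part of the original report. The page does not show signup.php, so the hidden-input markup and all function names are assumptions; the input is the query string from the PoC above.

```php
<?php
declare(strict_types=1);

// Added example, not MyONTV code. Markup and function names are assumptions.

// Vulnerable pattern: the request value is concatenated into an attribute as-is,
// so a value starting with "> closes the attribute and the tag.
function render_thanks_vulnerable(array $query): string
{
    $thanks = $query['thanks'] ?? '';
    return '<input type="hidden" name="thanks" value="' . $thanks . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
function render_thanks_hardened(array $query): string
{
    $thanks = $query['thanks'] ?? '';
    if (!is_string($thanks)) {
        $thanks = '';   // ?thanks[]=x arrives as an array; treat it as empty
    }
    // ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces
    // invalid UTF-8 instead of returning an empty string.
    $safe = htmlspecialchars($thanks, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="thanks" value="' . $safe . '">';
}

// Defence in depth for the impact described in the report: script cannot read
// an HttpOnly cookie. Call before session_start(). This does not fix the XSS.
function harden_session_cookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Query string taken from the PoC URL in the report; parse_str() URL-decodes it
// the same way PHP fills $_GET.
$query = [];
parse_str('thanks=%22%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E', $query);

echo "vulnerable: ", render_thanks_vulnerable($query), "\n";
echo "hardened:   ", render_thanks_hardened($query), "\n";
```

In the hardened output the quote and angle brackets appear as entities, so the value stays inside the attribute and the browser never parses a script element.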

Hebing123 commented 6 months ago

The CVE feedback version cannot be determined, and the CVE number cannot be assigned.