A reflected cross-site scripting (XSS) vulnerability was found in AcuToWeb server/10.5.0.7577c8b. An attacker can exploit this vulnerability to inject malicious JS code into an HTML page, which is then executed by a webmaster or administrator whenaccessing a URL with a payload.
Details
The parameters are reflected in the script tag of the page, which we can pass; String to end the previous statement and insert malicious js code.
The vulnerability occurs because the portgw parameter is only escaped with double quotes and Angle brackets.
POC
http://ip:port/?portgw=80089948;%20alert(1)
Note
I contacted OpenText about this vulnerability back in January 2024, but they have not responded at all.
Summary
A reflected cross-site scripting (XSS) vulnerability was found in AcuToWeb server/10.5.0.7577c8b. An attacker can exploit this vulnerability to inject malicious JS code into an HTML page, which is then executed by a webmaster or administrator whenaccessing a URL with a payload.
Details
The parameters are reflected in the script tag of the page, which we can pass; String to end the previous statement and insert malicious js code.
The vulnerability occurs because the portgw parameter is only escaped with double quotes and Angle brackets.
POC
http://ip:port/?portgw=80089948;%20alert(1)
Note
I contacted OpenText about this vulnerability back in January 2024, but they have not responded at all.