CVE-2020-13820 PoC — Extreme Networks Management Center 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-13820.yaml

Associated Vulnerability

Title:Extreme Networks Management Center 跨站脚本漏洞 (CVE-2020-13820)
Description:Extreme Networks Management Center是美国极进网路（Extreme Networks）公司的一套企业网络管理解决方案。该产品支持网络监控和事件警报等功能。 Extreme Networks Management Center 8.4.1.24版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Description

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

File Snapshot


 id: CVE-2020-13820

info:
  name: Extreme Management Center 8.4.1.24 - Cross-Site Scripting
  author

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!