CVE-2024-50849 PoC: WorldServer Security Vulnerability

Associated Vulnerability
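Title: WorldServer Security Vulnerability (CVE-2024-50849)
Description: RWS WorldServer is a flexible enterprise-grade translation management system from the UK company RWS. WorldServer v11.8.2 contains a security vulnerability stemming from a cross-site scripting (XSS) flaw that allows a remote authenticated attacker to execute arbitrary code.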
Readme
# CVE-2024-50849: Stored XSS in the WorldServer v11.8.2

A stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer 11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code.

An authenticated high-privileged user must go to the "Rules" page, fill in all the required fields, and insert the XSS payload into the Rule name and the Parameter subject fields. Once the rule has been saved, the JavaScript code is executed after clicking the "Execute Now" button.
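A defensive illustration of the flaw class described above, added here and not taken from the advisory or from WorldServer's code: stored rule fields encoded at output time, shown next to the unencoded rendering, plus an audit pass over rules that were already saved. The record shape, field names and function names are hypothetical, and the sample rules are constructed.

```javascript
// Hypothetical rule record: { id, name, parameterSubject }.
// These field names are assumptions, not WorldServer's actual schema.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a stored value for use inside HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: stored values are concatenated into markup unchanged,
// so markup saved in a rule field is parsed by the browser when the result is shown.
function renderResultUnsafe(rule) {
  return `<div class="result">Executed rule <b>${rule.name}</b> ` +
         `(subject: ${rule.parameterSubject})</div>`;
}

// Hardened pattern: every stored value is encoded at output time,
// regardless of what validation ran when the rule was saved.
function renderResultSafe(rule) {
  return `<div class="result">Executed rule <b>${escapeHtml(rule.name)}</b> ` +
         `(subject: ${escapeHtml(rule.parameterSubject)})</div>`;
}

// Audit helper: list ids of saved rules whose fields contain markup-like
// content, to find records stored before output encoding was in place.
function findSuspectRules(rules) {
  const markup = /[<>]|&#|javascript:/i;
  return rules
    .filter((r) => markup.test(r.name) || markup.test(r.parameterSubject))
    .map((r) => r.id);
}

// Constructed sample data (not real WorldServer records).
const sampleRules = [
  { id: 1, name: "Notify translators", parameterSubject: "Job assigned" },
  { id: 2, name: "<img src=x onerror=alert(1)>", parameterSubject: "Weekly report" },
  { id: 3, name: "Archive", parameterSubject: "\"><script>alert(1)</script>" },
];

console.log(findSuspectRules(sampleRules));
console.log(renderResultSafe(sampleRules[1]));
```

Encoding at render time is the control that matters here; the audit pass only helps locate records that need review.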

Discovered by Nikita Hrab, July 2024

References:
https://www.trados.com/product/worldserver/
File Snapshot

[4.0K] /data/pocs/91880831d5153e605d5d849d42b7f21abbd39a4e
└── [ 610] README.md

0 directories, 1 file