# CVE-2021-26832
[Suggested description]
Cross Site Scripting (XSS) at the "Reset Password" page form of
Priority Enterprise Management System v8.00 allows attackers to execute
JavaScript on behalf of the victim by sending a malicious URL or
directing the victim to a malicious site.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
https://www.priority-software.com/il/
------------------------------------------
[Affected Product Code Base]
Priority Enterprise Management System - Version 8.00
------------------------------------------
[Affected Component]
Reset password page form
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[CVE Impact Other]
JavaScript execution on the victim's behalf
------------------------------------------
[Attack Vectors]
To exploit the vulnerability, the victim needs to click on a crafted link or webpage, which will initiate the CSRF request on his behalf.
------------------------------------------
[Reference]
https://galnagli.com / https://github.com/NagliNagli/CVE-2021-26832
------------------------------------------
[Discoverer]
Gal Nagli