CVE-2024-5420 PoC — 多款SEH产品跨站脚本漏洞

Source

https://github.com/fa-rrel/CVE-2024-5420-XSS

Associated Vulnerability

Title:多款SEH产品跨站脚本漏洞 (CVE-2024-5420)
Description:SEH utnserver Pro是美国SEH公司的一个 USB 设备。多款SEH产品存在跨站脚本漏洞，该漏洞源于网络界面缺少输入验证，允许跨站脚本攻击。以下产品及版本受到影响：SEH Computertechnik utnserver Pro、SEH Computertechnik utnserver ProMAX、SEH Computertechnik INU-100 20.1.22及之前版本。

Description

SEH utnserver Pro/ProMAX / INU-100 20.1.22 - XSS

Readme

### Description
A vulnerability was found in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, affecting the device description parameter in the web interface. 
This flaw allows stored cross-site scripting (XSS), enabling attackers to inject JavaScript code. The attack can be executed remotely by tricking victims into visiting a malicious website, 
potentially leading to session hijacking. This vulnerability is publicly disclosed and identified as CVE-2024-5420.

### USAGE
```bash
nuclei --target http://192.168.1.1:8080/ -t CVE-2024-5420.yaml
```

### Dork query
```bash
FOFA : title="utnserver Control Center"
```
```bash
SHODAN : SEH HTTP Server
```

File Snapshot


 [4.0K]  /data/pocs/c70d22f481ec5a6bc6e39ab44363410808996402
├── [1.7K]  CVE-2024-5420.yaml
└── [ 682]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-5420 PoC — 多款SEH产品 跨站脚本漏洞