CVE-2022-23861 PoC — YSoft SAFEQ 安全漏洞

Source

https://github.com/mbadanoiu/CVE-2022-23861

Associated Vulnerability

Title:YSoft SAFEQ 安全漏洞 (CVE-2022-23861)
Description:YSoft SAFEQ是捷克YSoft公司的一个企业打印管理套件解决方案平台。 YSoft SAFEQ存在安全漏洞，该漏洞源于缺乏输出清理，导致YSoft SafeQ Web应用程序中的多个字段可用于注入恶意输入。

Description

CVE-2022-23861: Multiple Stored Cross-Site Scripting in YSoft SafeQ

Readme

# CVE-2022-23861: Multiple Stored Cross-Site Scripting in YSoft SafeQ

Multiple fields in the YSoft SafeQ web application can be used to inject malicious inputs that, due to a lack of output sanitization, result in the execution of arbitrary JS code. These fields can be leveraged to perform XSS attacks on legitimate users accessing the SafeQ web interface.

### Collaboration:

This vulnerability was found in collaboration with Marian-Razvan Ilisanu.

### NVD Disclosure:

The disclosure for this vulnerability can be found [here](https://nvd.nist.gov/vuln/detail/CVE-2022-23861).

### Requirements:

This vulnerability requires:
<br/>
- Valid user credentials in order to access and edit the vulnerable fields

### Proof Of Concept:

More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2022-23861/blob/main/SafeQ%20-%20CVE-2022-23861.pdf).

File Snapshot


 [4.0K]  /data/pocs/c77ae96f6ad146558cc3a39f089bda0bea4f2b9a
├── [ 894]  README.md
└── [1.5M]  SafeQ - CVE-2022-23861.pdf

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!