Monday, January 20, 2020

[Lifesize] devices allow XSS via the interface/interface.php brand parameter - CVE-2018-17981



Lifesize is a video-conferencing device. When you open its web application, a popup is displayed to run Flash. Taking that popup's URL and injecting JavaScript into the "brand" parameter causes the injected code to execute, demonstrating a cross-site scripting (XSS) vulnerability.

Affected Versions:

Lifesize Express - ls ex2_4.7.10 2000 (14)
Lifesize Room220i - LS_RM2_4.11.8 (14)
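
A defender-side check for the issue described above, as an added example that is not part of the original post: it scans web access logs for requests to interface/interface.php whose "brand" parameter contains markup after URL decoding. The log format, the sample lines, and all function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in common access-log format (not from a real device).
# Client addresses use the 192.0.2.0/24 documentation range.
SAMPLE_LOG = [
    '192.0.2.5 - - [20/Jan/2020:10:00:01 +0000] "GET /interface/interface.php?brand=lifesize HTTP/1.1" 200 512',
    '192.0.2.9 - - [20/Jan/2020:10:00:07 +0000] "GET /interface/interface.php?brand=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [20/Jan/2020:10:01:30 +0000] "GET /interface/interface.php?brand=%253Csvg%2520onload%253D1%253E HTTP/1.1" 200 540',
    '192.0.2.7 - - [20/Jan/2020:10:02:00 +0000] "GET /index.php?brand=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters and patterns a brand name should never need (assumed policy).
SUSPICIOUS_RE = re.compile(r'[<>"\'`]|javascript:|\bon\w+\s*=', re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_brand_values(lines):
    """Return (client_ip, decoded_brand) for each request that looks like injection."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Only the endpoint named in the advisory is of interest here.
        if not url.path.endswith("interface/interface.php"):
            continue
        # parse_qs performs the first round of percent-decoding.
        for value in parse_qs(url.query, keep_blank_values=True).get("brand", []):
            decoded = fully_decode(value)
            if SUSPICIOUS_RE.search(decoded):
                hits.append((line.split()[0], decoded))
    return hits


if __name__ == "__main__":
    for ip, brand in suspicious_brand_values(SAMPLE_LOG):
        print(f"{ip}: suspicious brand value {brand!r}")
```
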







By: @linuxmonr4
