Tuesday, February 11, 2020

[Ericsson] - Multiple Stored & Reflected XSS

Ericsson RX8200 devices are vulnerable to multiple  reflected and stored XSS
Affected Devices:

  • RX8200 - Version  5.13.3

XSS Reflected:

Injecting javascript code into the "path" parameter in any of the menus in the URL using GET or POST we get a reflected xss






We also found another one in the "Service + ID" Parameter







Stored XSS:

Injecting the javascript code in the name of the devices, and then refreshing the page we can see how the XSS sotored is executed





CVE: CVE-2020-22158
By: @Linuxmonr4


Monr4

Autor

0 comentarios:

Post a Comment

 
biz.