Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2021-3151

Description

i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.

POC

Reference

- http://packetstormsecurity.com/files/162815/i-doit-1.15.2-Cross-Site-Scripting.html

- https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2020-056

Github

- https://github.com/2lambda123/CVE-mitre

- https://github.com/Offensive-Penetration-Security/OPSEC-Hall-of-fame

- https://github.com/nu11secur1ty/CVE-mitre