[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]

To: fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Subject: [FD] Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]
From: infinitybuzz via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
Date: Tue, 12 Nov 2019 16:40:43 +0000

Centraleyezer: Stored XSS using HTML Entities — [CVE-2019–12299]

Sandline Centraleyezer (On Premises) allows Stored XSS using HTML entities in 
the name field of the Category section.

I could bypass the restrictions using HTML Entities &gt &lt, the Stored XSS 
only triggers when editing the category.

More Information:

https://link.medium.com/5galrOpMy1

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]
Next by Date: [FD] Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]
Previous by thread: [FD] Centraleyezer: Unrestricted File Upload -[CVE-2019-12271]
Next by thread: [FD] Centraleyezer: Unrestricted File Upload — [CVE-2019–12311]
Index(es):
- Date
- Thread