CVE-2019-13583
An issue was discovered in Xtream Codes 1.60.0. It is an XSS chained with
CSRF, leading to remote command execution, as the payload is
stored on a page that is frequently viewed by an admin.
[Additional Information]
A captcha bypass is needed if scripted; a fast function with Selenium works well.
The attacker injects the payload, which will be reflected in a page.
With social engineering, the attacker can push the admin to go to the