| [Description] | |
| NeDi 1.9C is vulnerable to reflected cross-site scripting. The | |
| Other-Converter.php file improperly validates | |
| user input. An attacker can exploit this | |
| vulnerability by crafting arbitrary JavaScript | |
| in the txt GET parameter. | |
| ------------------------------------------ | |
| [Additional Information] | |
| Step To Reproduce-: | |
| 1. Login with the credential. | |
| 2. Go to https://ip-nedi/Other-Converter.php?txt="><script>alert(document.domain)</script> | |
| ------------------------------------------ | |
| [Vulnerability Type] | |
| Cross Site Scripting (XSS) | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| Nedi-FindIt | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| Nedi - 1.9C | |
| ------------------------------------------ | |
| [Affected Component] | |
| Other-Converter.php | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Code execution] | |
| true | |
| ------------------------------------------ | |
| [Impact Escalation of Privileges] | |
| true | |
| ------------------------------------------ | |
| [Impact Information Disclosure] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| An attacker can exploit this vulnerability by crafting arbitrary | |
| javascript ("><script>alert(document.domain)</script>) in `txt` GET | |
| parameter of Other-Converter.php resulting in execution of the | |
| javascript. Due to this flaw, an attacker can hijack the user's | |
| session. | |
| ------------------------------------------ | |
| [Reference] | |
| http://www.nedi.ch/download/ | |
| ------------------------------------------ | |
| [Discoverer] | |
| Preetham Bomma |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment