@alert3
Last active February 1, 2023 15:16
DELL EMC VPLEX 6.2 - Reflected DOM XSS
This is a description of a reflected DOM XSS vulnerability found in DELL EMC VPLEX 6.2.

alert3 commented Jan 19, 2023

Product

DELL EMC VPLEX 6.2

Author

Amin Rawah

CVE ID

TBD

Description

A malicious user without any privileges can craft a search link and inject an XSS payload into it. The injection point is the 'searchQuery' parameter. The payload injected in 'searchQuery' is executed as soon as a user visits the page and clicks inside the search box, which triggers the reflected DOM XSS.

PoC

https://localhost/WebHelp/en_US/search.html?searchQuery=test%3C/span%3E%3Cscript%3Ealert(7)%3C/script%3E
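The following is an added example, not part of the original advisory and not code from the VPLEX WebHelp pages. It decodes the `searchQuery` value from the PoC URL above and contrasts an assumed string-concatenation rendering with an HTML-encoded one; all function names and the wrapper `<span class="query">` are hypothetical.

```javascript
// Added illustration; the product's real search.html code is not shown on this page.
// POC_URL is the link from the advisory; everything else is assumed for the example.
const POC_URL =
  "https://localhost/WebHelp/en_US/search.html?searchQuery=test%3C/span%3E%3Cscript%3Ealert(7)%3C/script%3E";

// Read the percent-decoded searchQuery parameter from a URL.
function getSearchQuery(url) {
  return new URL(url).searchParams.get("searchQuery") ?? "";
}

// Vulnerable pattern (assumed): the decoded value is concatenated into an
// HTML string, so a "</span>" in the value closes the wrapper element early.
function buildResultLabelUnsafe(query) {
  return '<span class="query">' + query + "</span>";
}

// Encode HTML metacharacters so the value can only ever be rendered as text.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened pattern: same markup, but the value is encoded before insertion.
function buildResultLabelSafe(query) {
  return '<span class="query">' + escapeHtml(query) + "</span>";
}

// Count tags in a markup string; a correctly encoded label contains exactly
// two (the wrapper's opening and closing tag), whatever the query holds.
function countTags(markup) {
  return (markup.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;
}

const q = getSearchQuery(POC_URL);
console.log("decoded:", q);
console.log("unsafe :", buildResultLabelUnsafe(q), "| tags:", countTags(buildResultLabelUnsafe(q)));
console.log("safe   :", buildResultLabelSafe(q), "| tags:", countTags(buildResultLabelSafe(q)));
```

In browser code the equivalent fix is to assign the value through `textContent` rather than building an HTML string.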
