Created
May 3, 2024 15:14
-
-
Save cgnl/672ace3cbad1116fcd9ae633e54ea9f8 to your computer and use it in GitHub Desktop.
CVE-2024-22910: Authenticated XSS in CrushFTP < 10.6.0
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CVE-2024-22910: Authenticated XSS in CrushFTP < 10.6.0 | |
[Description] | |
Cross Site Scripting (XSS) vulnerability in CrushFTP v.10.6.0 and | |
v.10.5.5 allows an attacker to execute arbitrary code via a crafted | |
payload. | |
------------------------------------------ | |
[Vulnerability Type] | |
Cross Site Scripting (XSS) | |
------------------------------------------ | |
[Vendor of Product] | |
CrushFTP | |
------------------------------------------ | |
[Affected Product Code Base] | |
CrushFTP - 10.6.0 | |
CrushFTP - 10.5.5 | |
And possibly all versions of CrushFTP below 10.6.0. | |
------------------------------------------ | |
[Affected Component] | |
The main page of CrushFTP after authentication | |
------------------------------------------ | |
[Attack Type] | |
Remote | |
------------------------------------------ | |
[Impact Code execution] | |
true | |
------------------------------------------ | |
[Impact Escalation of Privileges] | |
true | |
------------------------------------------ | |
[Impact Information Disclosure] | |
true | |
------------------------------------------ | |
[Attack Vectors] | |
To exploit the vulnerability, an authenticated victim has to open a crafted URL and hover over the refresh image on the page. | |
An example URL is https://[crushftp]/#all/%20'%20onmouseover=alert(1)%20/ | |
------------------------------------------ | |
[Discoverer] | |
codeguardian.nl | |
------------------------------------------ | |
[Reference] | |
http://crushftp.com |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment