CVE-2019-14804

a guest
Aug 9th, 2019
CVE-2019-14804

> [Description]
> studio/polyglot.php?page=etemplates in
> UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
>
> ------------------------------------------
>
> [Additional Information]
> UNA-v.10.0.0-RC1 [Stored XSS Vulnerability]#1
> Sign in to admin and look for the ["etemplates"] page (/studio/polyglot.php?page=etemplates)!
> Click ["Emails"] and edit the templates! Inject the JavaScript code into the ["System Name"] field!
> http://127.0.0.1/UNA/studio/polyglot.php?page=etemplates
>
> UNA-v.10.0.0-RC1 [Stored XSS Vulnerability]#2
> Sign in to admin and look for the ["sets"] page (studio/builder_menu.php?page=sets)!
> Click ["Sets"] and edit the "set"! Inject the JavaScript code into the ["System Name"] field!
> http://127.0.0.1/UNA/studio/polyglot.php?page=etemplates
>
> https://github.com/unaio/una/tree/master/studio
> https://una.io/
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> UNA
>
> ------------------------------------------
>
> [Affected Product Code Base]
> UNA - 10.0.0-RC1
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Client side JavaScript code injection.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/unaio/una/commits/master/studio

Use CVE-2019-14804.