CVE-2019-14804

Posted by a guest, Aug 9th, 2019
> [Description]
> studio/polyglot.php?page=etemplates in
> UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing.
>
> ------------------------------------------
>
> [Additional Information]
> UNA-v.10.0.0-RC1 [Stored XSS Vulnerability]#1
> Sign in to admin and look for the ["etemplates"] page (/studio/polyglot.php?page=etemplates)!
> Click ["Emails"] and edit the templates! Inject the JavaScript code into the ["System Name"] field!
> http://127.0.0.1/UNA/studio/polyglot.php?page=etemplates
>
> UNA-v.10.0.0-RC1 [Stored XSS Vulnerability]#2
> Sign in to admin and look for the ["sets"] page (studio/builder_menu.php?page=sets)!
> Click ["Sets"] and edit the "set"! Inject the JavaScript code into the ["System Name"] field!
> http://127.0.0.1/UNA/studio/polyglot.php?page=etemplates
>
> https://github.com/unaio/una/tree/master/studio
> https://una.io/
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> UNA
>
> ------------------------------------------
>
> [Affected Product Code Base]
> UNA - 10.0.0-RC1
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Client side JavaScript code injection.
>
> ------------------------------------------
>
> [Reference]
> https://github.com/unaio/una/commits/master/studio

Use CVE-2019-14804.
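
As an added illustration (not part of the original paste and not UNA's own code), the two controls that address a stored XSS in a field such as "System Name" are allow-list validation when the form is saved and HTML encoding every time the stored value is rendered. The function names, the identifier rule and the sample values below are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names and the identifier rule are assumptions, not UNA code.

/** Accept only identifier-style system names when the form is saved. */
function validate_system_name(string $name): bool
{
    // Must start with a letter; letters, digits, underscore, hyphen; 1..64 chars.
    return preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $name) === 1;
}

/** Encode a stored value for an HTML text node or a quoted attribute value. */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one row of an admin listing; the stored field is encoded in both contexts. */
function render_row(array $row): string
{
    return sprintf(
        '<tr><td>%s</td><td><input type="text" name="name" value="%s"></td></tr>',
        html_escape($row['name']),   // text-node context
        html_escape($row['name'])    // double-quoted attribute context
    );
}

// Constructed sample values: one identifier-style name and one containing markup.
$samples = ['welcome_email', '"><script>alert(1)</script>'];

foreach ($samples as $name) {
    printf("%-30s valid=%s\n", $name, validate_system_name($name) ? 'yes' : 'no');
    // Rows saved before validation existed may still hold markup, so output
    // encoding is applied regardless of the validation result.
    echo render_row(['name' => $name]), "\n";
}
```

Validation alone does not clean values that are already in the database, which is why the encoding step at render time is the control that closes the stored variant.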