Supervene RazDC WebUI Edit User CGI Form Stored XSS

Strike ID: E18-5lvi1
CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
False Positive: f
Variants: 6
Year: 2018

Description

This strike exploits a stored cross-site scripting vulnerability in Supervene RazDC. The vulnerability is due to a lack of sanitization of user-supplied input in the 'save_user.cgi' form when it parses input passed in various HTTP parameters. By exploiting this vulnerability, a remote, unauthenticated attacker can execute arbitrary OS commands on the target server.

CVE

References