Reflected XSS in GSA possible. #1601

Closed
Fabi153 opened this issue Sep 2, 2019 · 2 comments

Fabi153 commented Sep 2, 2019

Expected behavior

Escaping part of URL and redirecting to /login page.

Actual behavior

When clicking on a specially crafted URL, JavaScript code gets executed.

Steps to reproduce

https://SERVER-IP/%0a%0a%3Cscript%3Ealert('Vulnerable');%3C/script%3Ewebsite.jsp

GVM versions

gsa: 8.0.0

gvm: 8.0.0

openvas-scanner: 6.0.0

gvm-libs:

Environment

Operating system:

found with nikto v2.1.6

verified with Firefox Quantum 68.0.2esr (64-Bit)

Installation method / source: (packages, source installation)

Logfiles
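
The expected behavior described in the report above (escape the reflected part of the URL, redirect to /login), shown beside the unescaped reflection it replaces. This is an added example, not GSA's code and not the fix from the PR; the function names and the routing table are hypothetical.

```python
import html
from urllib.parse import unquote

# Request path from the report, host omitted.
REPORTED_PATH = "/%0a%0a%3Cscript%3Ealert('Vulnerable');%3C/script%3Ewebsite.jsp"

# Hypothetical routing table; GSA's real routes are not shown on this page.
KNOWN_PATHS = {"/login": "<html><body>Login</body></html>"}


def reflect_unescaped(raw_path):
    """Vulnerable pattern: the percent-decoded path is copied into HTML as-is."""
    return "<html><body>Unknown page: %s</body></html>" % unquote(raw_path)


def reflect_escaped(raw_path):
    """Same page, but the decoded path is HTML-escaped before it is written."""
    decoded = unquote(raw_path)
    # quote=True also escapes ' and ", so the value is safe inside attributes.
    return "<html><body>Unknown page: %s</body></html>" % html.escape(decoded, quote=True)


def handle(raw_path):
    """Return (status, headers, body) for a request path.

    Unknown paths are redirected to the fixed /login location. Nothing from
    the request is copied into the headers or the body, so the decoded
    newlines (%0a) and markup in the path never reach the response.
    """
    decoded = unquote(raw_path)
    if decoded in KNOWN_PATHS:
        headers = {"Content-Type": "text/html; charset=utf-8"}
        return 200, headers, KNOWN_PATHS[decoded]
    return 303, {"Location": "/login", "Content-Length": "0"}, ""


if __name__ == "__main__":
    print(reflect_unescaped(REPORTED_PATH))
    print(reflect_escaped(REPORTED_PATH))
    print(handle(REPORTED_PATH))
```
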

@bjoernricks bjoernricks self-assigned this Sep 2, 2019
@bjoernricks
Contributor

Thanks a lot for your report! 👍 It should be fixed with my PR.

@cfi-gb
Member

cfi-gb commented Jul 1, 2021

It seems CVE-2019-25047 has been assigned to this recently.
