Mend Vulnerability Database
What is a CVE vulnerability ID? What is a WS vulnerability ID?New vulnerability? Tell us about it!
We found results for “”
Date: September 28, 2021
PoC DetailsLogin to the application as guest:guest via visiting http://localhost:8080/opencrx-core-CRX.
Click on Security, Request password reset. Click ok. A password request link shows up in the Alerts tab. Click on the yellow icon to open it. Copy the password reset URL. A password reset URL example looks like this:
In the `id` parameter, insert the given payload (note: Change ip and port accordingly).
Create a file poc.js locally and start a python server in the file directory where the JS file is present. Now login as admin-Standard:admin-Standard in a private window. Paste the URL with the payload in the `id` parameter value. The external JS file is successfully called.
Affected Environmentsv4.0.0 - v5.1.0
PreventionUpgrade to version org.opencrx:opencrx-core-config:5.2.0
Good to know:
|Attack Vector (AV):||Network|
|Attack Complexity (AC):||Low|
|Privileges Required (PR):||None|
|User Interaction (UI):||Required|
|Access Vector (AV):||Network|
|Access Complexity (AC):||Medium|