Mend Vulnerability Database
Date: June 22, 2022
Overview
openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS.
Details
openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. When the admin clicks the malicious link, the XSS is triggered.
PoC Details
1. Log in to the application with an admin user (usually the URL will be http://localhost:8080/).
2. Enter the above payload and watch the message box, which includes the admin user's session cookie.
Affected Environments
openlibrary versions deploy-2016-07-0 through deploy-2021-12-22
Prevention
Upgrade to openlibrary version deploy-2022-06-09
Good to know (CVSS metrics):
CVSS v3
  Attack Vector (AV): Network
  Attack Complexity (AC): Low
  Privileges Required (PR): None
  User Interaction (UI): Required
CVSS v2
  Access Vector (AV): Network
  Access Complexity (AC): Medium