Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-24654: Intelbras ATA 200 Cross Site Scripting ≈ Packet Storm

Authenticated stored cross-site scripting (XSS) vulnerability in “Field Server Address” field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

CVE
Open in Source
#xss#vulnerability#web#java#intel#auth

Change Mirror Download

# Exploit Title: Intelbras ATA 200 Authenticated Stored XSS# Date: 17/01/2022# Exploit Author: Leonardo Goncalves# Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200# Version: Firmware 74.19.10.211) Log in the equipment via your web browser2) Go to Management > Syslog3) In the "Field Server Address" inject the payload "-prompt("XSS")-"4) Click Save5) Exploit

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE