CVE-2022-41433: gist:b7419cab29f4105df1c1fbe5d99edd7c

EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/admin_bp/add_application.php.


CVE-2022-XXXXX

------------------------------------------

[Suggested description]

EyesOfNetwork web interface 5.3 allows admins to conduct reflected XSS attacks.

------------------------------------------

[Vulnerability Type]

Cross Site Scripting (XSS)

------------------------------------------

[Vendor of Product]

EyesOfNetwork

------------------------------------------

[Affected Product Code Base]

EyesOfNetwork web interface 5.3

------------------------------------------

[Affected Component]

We found reflected XSS at /module/admin_bp/add_application.php

------------------------------------------

[Attack Type]

Remote

------------------------------------------

[Attack Vectors]

https://github.com/EyesOfNetworkCommunity/eonweb/issues/118

The vulnerable parameter is the GET parameter bp_name.
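
For triage on an affected install, the following added example (not part of the original advisory or the eonweb code base) scans web server access logs for requests to the component named above whose bp_name value decodes to HTML markup characters. It assumes Apache/nginx "combined" log format; the helper names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, unquote_plus, urlsplit

VULN_PATH = "/module/admin_bp/add_application.php"  # component named in the advisory
PARAM = "bp_name"                                    # parameter named in the advisory
# Characters that let a reflected value break out of HTML text or an attribute.
MARKUP = re.compile(r"[<>\"'`]")
# Request line of a "combined" format log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded to a few rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_bp_name(log_line):
    """Return the decoded bp_name if the line hits the component with markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if unquote(url.path) != VULN_PATH:
        return None
    for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)  # parse_qs already decoded one layer
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    return [(i, v) for i, line in enumerate(lines, 1) if (v := suspicious_bp_name(line))]

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - admin [10/Oct/2022:13:55:36 +0000] "GET /module/admin_bp/add_application.php?bp_name=billing HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - admin [10/Oct/2022:13:56:02 +0000] "GET /module/admin_bp/add_application.php?bp_name=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2022:13:57:41 +0000] "GET /module/admin_bp/add_application.php?bp_name=%253Cb%253E HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2022:13:58:10 +0000] "GET /index.php?bp_name=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: bp_name decodes to {value!r}")
```

A hit is a lead for review rather than proof of exploitation, since a legitimate application name containing a quote character would also be flagged.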

------------------------------------------

[Reference]

EyesOfNetwork web interface 5.3 (https://github.com/EyesOfNetworkCommunity/eonweb)

------------------------------------------

[Discoverer]

Yuriy Bairov, Dmitriy Tatarov
