Headline
CVE-2021-46083: There is a stored xss vulnerability exists in uscat. · Issue #1 · chenniqing/uscat
uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.
[Suggested description]
Cross SIte Scripting (XSS) vulnerability exists in uscat. via
a Google search in url:http://localhost:9105/admin/basic.action and enter the site information setting page and enter the malicious XSS code in the input box of the statistical code. This code will be executed in the system foreground
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/chenniqing/uscat
[Affected Product Code Base]
*
[Affected Component]
POST /web_info/save.json HTTP/1.1
Host: localhost:9105
Content-Length: 213
sec-ch-ua: " Not A;Brand";v="99", “Chromium";v="92”
Accept: application/json, text/javascript, /; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:9105
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:9105/web_info/edit.action
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: JSESSIONID=955307B507B1FD2D9AE8E69C6EABFB75; navUrl=http://localhost:9105/admin/basic.action
Connection: close
name=Javaex%E8%AE%BA%E5%9D%9B&domain=http%3A%2F%2Fwww.javaex.cn%2F&email=291026192%40qq.com&recordNumber=%E8%8B%8FICP%E5%A4%8718008530%E5%8F%B7&license=1&statisticalCode= your xss payload
[Attack Type]
Remote
[Impact Code execution]
true
The input sensitive parameters are not filtered, resulting in malicious code at URL: http://localhost:9105/ After being parsed and executed, all users accessing this URL will be affected.