Headline
CVE-2022-41432: gist:bda0b16cf99cb14bb767db84e5110419
EyesOfNetwork Web Interface v5.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /module/report_event/index.php.
CVE-2022-XXXXX
------------------------------------------
[Suggested description]
EyesOfNetwork web interface 5.3 allows admins to conduct reflected XSS attacks.
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
EyesOfNetwork
------------------------------------------
[Affected Product Code Base]
EyesOfNetwork web interface 5.3
------------------------------------------
[Affected Component]
We found reflected xss at /module/report_event/index.php
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Attack Vectors]
https://github.com/EyesOfNetworkCommunity/eonweb/issues/119
The vulnerable parameter is GET-parameter type.
------------------------------------------
[Reference]
EyesOfNetwork web interface 5.3 (https://github.com/EyesOfNetworkCommunity/eonweb)
------------------------------------------
[Discoverer]
Yuriy Bairov, Dmitriy Tatarov