CVE-2021-30119 - Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
CVE | CVE-2021-30119 |
Case | DIVD-2021-00011 |
Discovered by | |
Credits |
|
Products |
Kaseya:
|
Versions |
Kaseya:
|
CVSS | Base score: 5.4 |
References | |
Solution | Upgrade to a version above 9.5.6 |
Last modified | 20 Jun 2022 09:35 |
Description
Authenticated reflective XSS in HelpDeskTab/rcResults.asp
The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack
Example request:
https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>
The same is true for the parameter FileName of /done.asp
Eaxmple request:
https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078
Image 1. Screenshot of XSS
JSON version