CVE-2021-30119

Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6

CVE	CVE-2021-30119
Title	Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
Case	DIVD-2021-00011
Credits	Discovered by Wietse Boonstra of DIVD () Additional research by Frank Breedijk and Hidde Smit of DIVD ()
CVSS
References	https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ ( x_refsource_CONFIRM ) https://csirt.divd.nl/DIVD-2021-00011 ( x_refsource_CONFIRM ) https://csirt.divd.nl/CVE-2021-30119 ( x_refsource_CONFIRM )
Problem type(s)	n/a
Date published
Last modified	04 Apr 2022 06:25 CEST

Description

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script> The same is true for the parameter FileName of /done.asp Eaxmple request: https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078

Solution(s)

Upgrade to a version above 9.5.6

Screenshot of XSS

Image 1. Screenshot of XSS

JSON version.

DIVD CSIRT

CVE-2021-30119

Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6

Description

Solution(s)