cd30696d15
15 changes to exploits/shellcodes Queue Management System 4.0.0 - _Add User_ Stored XSS Spotweb 1.4.9 - 'search' SQL Injection Academy-LMS 4.3 - Stored XSS Spiceworks 7.5 - HTTP Header Injection Wordpress Plugin Contact Form 7 5.3.1 - Unrestricted File Upload SCO Openserver 5.0.7 - 'section' Reflected XSS SCO Openserver 5.0.7 - 'outputform' Command Injection Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS Flexmonster Pivot Table & Charts 2.7.17 - 'To OLAP' Reflected XSS Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS Flexmonster Pivot Table & Charts 2.7.17 - 'Remote JSON' Reflected XSS Point of Sale System 1.0 - Multiple Stored XSS Online Marriage Registration System 1.0 - 'searchdata' SQL Injection Sony Playstation 4 (PS4) < 6.72 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC) Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
15 lines
No EOL
836 B
Text
15 lines
No EOL
836 B
Text
# Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
|
|
# Date: 08/01/2020
|
|
# Exploit Author: Marco Nappi
|
|
# Vendor Homepage: https://www.flexmonster.com/
|
|
# Version:Flexmonster Pivot Table & Charts 2.7.17
|
|
# Tested on:Flexmonster Pivot Table & Charts 2.7.17
|
|
# CVE : CVE-2020-20140
|
|
|
|
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17
|
|
|
|
Reflected XSS:
|
|
The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.
|
|
|
|
payload:
|
|
<svg onload=alert("OpenRemoteReport")><!-- |