
Stored Cross-Site Scripting - Oempro

CVE-2020-9461

██╗  ██╗███████╗███████╗
╚██╗██╔╝██╔════╝██╔════╝
 ╚███╔╝ ███████╗███████╗
 ██╔██╗ ╚════██║╚════██║
██╔╝ ██╗███████║███████║
╚═╝  ╚═╝╚══════╝╚══════╝

Stored XSS - Oempro

Octech Oempro 4.7 through 4.11 allows stored XSS by an authenticated user. The FolderName parameter of the Media.CreateFolder command is stored without sanitization, so a folder name containing markup executes in the browser of anyone who later views it.

Command: Media.CreateFolder

Request parameter: FolderName

Affected versions: Oempro 4.7 through 4.11

Researcher: Guilherme Rubert

Payload

<marquee/onstart=alert("XSS")>
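As an added illustration, not code from this advisory or from Oempro, the JavaScript below shows why this particular payload is effective: it needs no <script> tag, and it uses "/" rather than whitespace as the attribute separator, so a blocklist that looks for whitespace before an "on..." handler lets it through unchanged. The filter, the row template and the function names are hypothetical stand-ins for a page that interpolates a stored folder name into HTML; the hardened version differs only in entity-encoding the stored value at render time.

```javascript
// Added example (hypothetical rendering code, not Oempro's): why the
// advisory's payload survives a naive filter, and what stops it.

const PAYLOAD = '<marquee/onstart=alert("XSS")>'; // payload from the advisory

// Naive blocklist (assumed): strips <script> blocks and event handlers
// that are preceded by whitespace. The "/" separator in the payload
// defeats the second pattern, because the browser's tag tokenizer
// accepts "/" between a tag name and an attribute name.
function naiveFilter(name) {
  return name
    .replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '')
    .replace(/\s+on\w+\s*=/gi, ' ');
}

// Vulnerable render (assumed template): the stored folder name is
// concatenated straight into markup, so any tag in it becomes live HTML.
function renderFolderRowVulnerable(folderName) {
  return `<td class="folder">${folderName}</td>`;
}

// Hardened render: entity-encode the characters that carry meaning in
// HTML text and attribute contexts before interpolating.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}
function renderFolderRowSafe(folderName) {
  return `<td class="folder">${escapeHtml(folderName)}</td>`;
}

// Detection stand-in for the browser parser: is there a tag whose
// attribute list contains an on* event handler? Good enough to show the
// difference between the two renders; not a full HTML parser.
function containsEventHandlerTag(html) {
  return /<[a-z][^>]*\bon\w+\s*=/i.test(html);
}

// Stand-alone demonstration.
console.log('filter changed payload? ', naiveFilter(PAYLOAD) !== PAYLOAD);      // false
console.log('vulnerable render live?', containsEventHandlerTag(renderFolderRowVulnerable(PAYLOAD))); // true
console.log('hardened render live?  ', containsEventHandlerTag(renderFolderRowSafe(PAYLOAD)));       // false
```

The contrast worth noting: the same filter does catch a whitespace-separated variant such as `<img src=x onerror=alert(1)>`, which is exactly why blocklisting at input time is the wrong fix. Encoding at the output boundary handles both forms and any other separator the tokenizer accepts.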



References

https://guilhermerubert.com/blog/cve-2020-9461/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9461

https://nvd.nist.gov/vuln/detail/CVE-2020-9461

https://www.octeth.com/