Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
References
| Link | Resource |
|---|---|
| https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ | Patch Third Party Advisory |
| https://csirt.divd.nl/CVE-2021-30119 | Exploit Third Party Advisory |
| https://csirt.divd.nl/DIVD-2021-00011 | Patch Third Party Advisory |
| https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ | Patch Third Party Advisory |
| https://csirt.divd.nl/CVE-2021-30119 | Exploit Third Party Advisory |
| https://csirt.divd.nl/DIVD-2021-00011 | Patch Third Party Advisory |
Configurations
History
21 Nov 2024, 06:03
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ - Patch, Third Party Advisory | |
| References | () https://csirt.divd.nl/CVE-2021-30119 - Exploit, Third Party Advisory | |
| References | () https://csirt.divd.nl/DIVD-2021-00011 - Patch, Third Party Advisory |
Information
Published : 2021-07-09 14:15
Updated : 2024-11-21 06:03
NVD link : CVE-2021-30119
Mitre link : CVE-2021-30119
CVE.ORG link : CVE-2021-30119
JSON object : View
Products Affected
kaseya
- vsa
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')