Advertisement






Intelbras ATA 200 Cross Site Scripting

CVE Category Price Severity
CVE-2020-26778 CWE-79 $3000 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-08-11
CVSS
CVSS:4.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022080040

Below is a copy:

Intelbras ATA 200 Cross Site Scripting
# Exploit Title: Intelbras ATA 200 Authenticated Stored XSS
# Date: 17/01/2022
# Exploit Author: Leonardo Goncalves
# Vendor Homepage: https://www.intelbras.com/pt-br/adaptador-ip-para-telefones-analogicos-ata-200
# Version: Firmware 74.19.10.21

1) Log in the equipment via your web browser
2) Go to Management > Syslog
3) In the "Field Server Address" inject the payload "-prompt("XSS")-"
4) Click Save
5) Exploit

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.