PoC details: a73578a58012e7b140b930de926779be5ab0f144

Source
Related vulnerability

Suspected 0-day

Description
A Cross-Site Scripting (XSS) vulnerability
Introduction
## Cross-Site Scripting (XSS) in DonWeb Ferozo Webmail (CVE-2024-50962)

### Description
A Cross-Site Scripting (XSS) vulnerability in **Ferozo Webmail v1.1** allows attackers to execute arbitrary scripts via the **Identities** and **Automatic Responses** components. This vulnerability can be used to hijack user sessions, conduct phishing attacks, and steal credentials.

### Attack Complexity
- **Low**

### Privileges Required
- **None**

### User Interaction
- **Required** (Users need to interact with the component containing the injected script.)

### Affected Components
- **Identities Page and Automatic Responses**: Insufficient input validation allows malicious script injection.

### Impact
- **Session Hijacking**: Attackers can control user sessions.
- **Phishing**: Embedded iframes can be used to conduct phishing attacks.

### Remediation
- **Input Sanitization**: Implement robust input validation and sanitization for the affected fields.
- **Content Security Policy**: Apply a Content Security Policy (CSP) as a defense-in-depth measure to limit unauthorized script execution.

---
**CVE-2024-50962**  
*Reported by [Facundo Fernandez / Security Researcher]*

File snapshot

[4.0K] /data/pocs/a73578a58012e7b140b930de926779be5ab0f144
└── [1.1K] README.md

0 directories, 1 file