[Ericsson] - Multiple Stored & Reflected XSS

 

Ericsson RX8200 devices are vulnerable to multiple  reflected and stored XSS

Affected Devices:

• RX8200 - Version  5.13.3

XSS Reflected:

Injecting javascript code into the "path" parameter in any of the menus in the URL using GET or POST we get a reflected xss

We also found another one in the "Service + ID" Parameter

Stored XSS:

Injecting the javascript code in the name of the devices, and then refreshing the page we can see how the XSS sotored is executed

CVE: CVE-2020-22158

By: @Linuxmonr4