[Lifesize] devices allow XSS via the interface/interface.php brand parameter

julio 16, 2023

[Lifesize] devices allow XSS via the interface/interface.php brand parameter - CVE-2018-17981

lifesize is a device for video conferences. when entering the web application a popup will be displayed to execute flash, taking that URL and injecting javascript in the "brand" parameter we will see how that code is executed evidencing a cross site scripting

Affected Versions:

lifesize express - ls ex2_4.7.10 2000 (14)

Lifesize Room220i - LS_RM2_4.11.8 (14)

By: @linuxmonr4

Buscar este blog

Cacharros in the wild

[Lifesize] devices allow XSS via the interface/interface.php brand parameter - CVE-2018-17981

Comentarios

Publicar un comentario

Entradas populares

[EVERTZ] - Path Transversal && Arbitrary File Upload = SHELL [CVE-2020-22159 ]

[ITERIS] - Vantage Velocity Field Unit - Os Code Injection - (CVE-2020-9020)