Cross-site Scripting (XSS) - Reflected in azuracast/azuracast
Aug 27th 2021
The application is vulnerable to reflected HTML injection.
Proof of Concept
Open the following page in the browser as admin. The page is vulnerable to HTML injection.
An iframe is injected into the page using the HTML injection vulnerability.
HTML injection is a type of injection vulnerability that occurs when a user is able to control an input point and is able to inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, like disclosure of a user’s session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
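The reflected case described above, next to its output-encoded form, as an added example that is not AzuraCast code or part of the original report. AzuraCast is a PHP application, so the sketch is in PHP; the handler names, the `notice` markup, the sample input and the CSP value are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical handlers for illustration only; not taken from AzuraCast.

/** Vulnerable pattern: the request value is concatenated into markup unchanged. */
function renderNoticeUnsafe(string $message): string
{
    return '<div class="notice">' . $message . '</div>';
}

/** Hardened pattern: encode for the HTML body context at the point of output. */
function renderNoticeSafe(string $message): string
{
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="notice">' . $encoded . '</div>';
}

/** Parse the response body and count the elements a parser really creates for $tag. */
function countElements(string $html, string $tag): int
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName($tag)->length;
}

// Constructed sample input standing in for a reflected query-string value.
$input = '<iframe src="https://example.invalid/"></iframe>';

$responses = [
    'unsafe' => renderNoticeUnsafe($input),
    'safe'   => renderNoticeSafe($input),
];
foreach ($responses as $label => $html) {
    printf("%-6s iframe elements: %d\n       %s\n", $label, countElements($html, 'iframe'), $html);
}

// Defence in depth (assumed policy, tune per application): even if an encoding
// call is missed somewhere, the browser refuses to load framed content.
$csp = "frame-src 'none'; object-src 'none'; base-uri 'self'";
printf("Content-Security-Policy: %s\n", $csp);
```

Counting parsed elements rather than searching the string for `<iframe` makes a useful regression check, because it tests what the browser would build from the response instead of what the markup looks like.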
Buster Neece validated this vulnerability 2 years ago
Melbin Mathew Antony has been awarded the disclosure bounty
The fix bounty is now up for grabs
Buster Neece marked this as fixed with commit 1182a8 2 years ago
This vulnerability will not receive a CVE