Exploits / Vulnerability Discovered : 2020-12-21
Type : webapps
Platform : multiple
This exploit / vulnerability (Flexmonster Pivot Table & Charts 2.7.17 - 'To Remote CSV' Reflected XSS) is for educational purposes only; if you use it, you do so at your own risk!
Cross-Site Scripting (XSS) vulnerability in the "To Remote CSV" component under the "Open" menu in Flexmonster Pivot Table & Charts 2.7.17.
Reflected XSS:
The reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL, the user navigates to a non-existent file (the XSS payload). This results in the execution of the payload.
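The flaw class described above, shown as an added example that is not Flexmonster's code and not part of the original advisory: a "file not found" message built from the 'path' value, first unescaped and then hardened. All function names, the message markup and the sample input are assumptions constructed for illustration.

```javascript
// Added illustration; hypothetical names, not the product's implementation.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use in an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the raw 'path' value is concatenated into markup,
// so any tags it contains are parsed by the browser.
function notFoundMessageUnsafe(path) {
  return '<div class="error">File not found: ' + path + '</div>';
}

// Hardened: the same message with the value escaped before it is reflected.
// In a browser, assigning the text via element.textContent achieves the same.
function notFoundMessageSafe(path) {
  return '<div class="error">File not found: ' + escapeHtml(path) + '</div>';
}

// Defence in depth: accept only absolute http(s) URLs whose path ends in .csv.
// Returns the normalised URL, or null when the value is rejected.
function validateCsvPath(path) {
  let url;
  try {
    url = new URL(path);
  } catch {
    return null; // not an absolute URL at all
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  if (!url.pathname.toLowerCase().endsWith('.csv')) return null;
  return url.href;
}

// Validate first; if rejected, reflect the value only through the escaped path.
function handleOpenRemoteCsv(path) {
  const url = validateCsvPath(path);
  if (url === null) {
    return { ok: false, html: notFoundMessageSafe(path) };
  }
  return { ok: true, url };
}

// Constructed sample input: a "file name" carrying harmless markup.
const SAMPLE_PATH = '<i>not-a-file</i>.csv';
console.log(notFoundMessageUnsafe(SAMPLE_PATH));
console.log(handleOpenRemoteCsv(SAMPLE_PATH).html);
```

Validation alone is not the fix: the escaped output path is what keeps a rejected or non-existent 'path' value from being parsed as markup.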