Exploits / Vulnerability Discovered : 2019-05-07
Type : webapps
Platform : multiple
This exploit / vulnerability, Prinect archive system 2015 release 2.6 cross-site scripting, is for educational purposes only; if you use it, you do so at your own risk!
Description
================
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Print Archive System v2015 release 2.6
Vulnerability
================
User-supplied input containing JavaScript, passed in the "TextField" parameter, is echoed back inside JavaScript code in the HTML response.
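
The flaw described above and the output encoding that closes it, as an added example (not code from the advisory or the vendor). The advisory does not show the application's template, so the `var query = ...` page fragment and all function names here are assumptions.

```javascript
// Added example: hypothetical server-side rendering of a page that echoes a
// request parameter into an inline <script>. All names are illustrative.

// Unsafe: the value is concatenated straight into a JavaScript string literal.
function renderUnsafe(textField) {
  return '<script>var query = "' + textField + '";</script>';
}

// Characters the HTML parser acts on inside <script>, plus the two code
// points older JavaScript engines treat as line terminators in a literal.
const JS_ESCAPES = {
  '<': '\\u003C', '>': '\\u003E', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

// Encode a value for the "JavaScript string inside an HTML <script>" context.
// JSON.stringify handles quotes, backslashes and control characters; the
// second pass rewrites what is left as \uXXXX escapes.
function encodeForInlineScript(value) {
  return JSON.stringify(String(value))
    .replace(/[<>&\u2028\u2029]/g, (ch) => JS_ESCAPES[ch]);
}

// Hardened: the encoded value supplies its own quotes.
function renderSafe(textField) {
  return '<script>var query = ' + encodeForInlineScript(textField) + ';</script>';
}

// Check helper: how many times would the HTML parser see the script element
// closed? More than one means the value broke out of its context.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample value containing the metacharacters that matter here.
const SAMPLE = 'a"b\\c</script><i>d\u2028e';

console.log(countScriptCloses(renderUnsafe(SAMPLE))); // value closes the element early
console.log(renderSafe(SAMPLE));                      // value stays inside the literal
```

The encoder is specific to this output context; a value written into HTML text or an attribute needs HTML entity encoding instead.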
Mitigations
================
No more feedback from the vendor:
https://www.heidelberg.com
Disclosure policy
================
We believe in responsible disclosure.
Please contact Alex Hernandez aka alt3kx (at) protonmail com to acknowledge this report.
This vulnerability will be published if we do not receive a response to this report within 10 days.
Timeline
================
2019-02-04: Discovered
2019-02-25: Retest PRO environment
2019-03-25: Retest on researcher's ecosystem
2019-04-02: Vendor notification
2019-04-03: Vendor feedback received
2019-04-08: Reminder sent
2019-04-08: 2nd reminder sent
2019-04-11: Internal communication
2019-04-26: No more feedback received from the vendor
2019-05-30: New issues found
2019-06-30: Public Disclosure
Discovered by
================
Alex Hernandez aka alt3kx
Please visit https://github.com/alt3kx for more information.
My current exploit list @exploit-db:
https://www.exploit-db.com/author/?a=1074 & https://www.exploit-db.com/author/?a=9576