FaceSentry Access Control System 6.4.8 Reflected Cross Site Scripting

Posted by deepcore on July 2, 2019 – 3:12 pm

FaceSentry Access Control System version 6.4.8 is vulnerable to multiple cross-site scripting vulnerabilities. The issue is due to the application’s failure to properly sanitize user-supplied input passed through the ‘msg’ GET parameter of the pluginInstall.php script. An attacker may leverage any of the cross-site scripting issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials, phishing, as well as other attacks.
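A log check for the issue described above, as an added example that is not part of the original advisory: it flags requests to pluginInstall.php whose msg value decodes to HTML markup characters, including double-encoded values. The access-log format, the URL path prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in Common Log Format (not real traffic).
# The "/pluginInstall.php" path prefix is an assumption; adjust to the deployment.
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Jul/2019:15:12:01 +0000] "GET /pluginInstall.php?msg=Plugin+installed HTTP/1.1" 200 512',
    '10.0.0.9 - - [02/Jul/2019:15:13:44 +0000] "GET /pluginInstall.php?msg=%3Cb%3Ehello%3C%2Fb%3E HTTP/1.1" 200 530',
    '10.0.0.9 - - [02/Jul/2019:15:14:02 +0000] "GET /pluginInstall.php?msg=%253Cb%253Ehello HTTP/1.1" 200 528',
    '10.0.0.7 - - [02/Jul/2019:15:15:10 +0000] "GET /index.php?msg=%3Cb%3E HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value break out of text or attribute context.
# A plain apostrophe in a legitimate message will also match; triage by hand.
MARKUP_CHARS = set('<>"\'')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_msg(line):
    """Return the decoded msg value if it carries markup characters, else None."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/pluginInstall.php"):
        return None
    # parse_qs performs the first round of decoding, as the web server would.
    for raw in parse_qs(url.query, keep_blank_values=True).get("msg", []):
        value = fully_decode(raw)
        if MARKUP_CHARS & set(value):
            return value
    return None


def scan(lines):
    """Return (line_number, decoded_msg) for every flagged request."""
    return [(n, v) for n, line in enumerate(lines, 1)
            if (v := suspicious_msg(line)) is not None]
```

A hit means the request should be reviewed, not that script ran; the fix on the application side remains HTML-encoding the msg value before it is written into the response.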

