[FD] Centraleyezer: Unrestricted File Upload — [CVE-2019-12311]
- To: fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
- Subject: [FD] Centraleyezer: Unrestricted File Upload — [CVE-2019-12311]
- From: infinitybuzz via Fulldisclosure <fulldisclosure@xxxxxxxxxxxx>
- Date: Tue, 12 Nov 2019 16:42:30 +0000
Centraleyezer: Unrestricted File Upload — [CVE-2019-12311]
Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to
Stored XSS. An HTML page running a script could be uploaded to the server. When
a victim tries to download a CISO Report template, the script is loaded.
The attacker could upload an HTML page that runs a script; when the victim tries
to download the template, it loads the HTML page with the script.
More Information:
https://link.medium.com/l0B0yMxMy1
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
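
A server-side check for the upload and download paths described in the advisory above, as an added example that is not part of the original post or the vendor's code. It assumes report templates are `.docx` files (the advisory does not name the format); `validate_template_upload` and `download_headers` are hypothetical names.

```python
import re

# Assumption: templates are Office Open XML (.docx), which are ZIP containers.
# Maps each allowlisted extension to the magic bytes the content must start with.
ALLOWED_TEMPLATES = {".docx": b"PK\x03\x04"}


def validate_template_upload(filename, data):
    """Return (accepted, reason) for an uploaded CISO Report template."""
    # Drop any client-supplied path and look only at the final extension,
    # so "report.docx.html" is judged as ".html".
    name = re.split(r"[\\/]", filename)[-1]
    if "." not in name:
        return False, "no extension"
    ext = "." + name.rsplit(".", 1)[1].lower()
    magic = ALLOWED_TEMPLATES.get(ext)
    if magic is None:
        return False, "extension not allowlisted"
    # An HTML page renamed to .docx fails here: the bytes are not a ZIP header.
    if not data.startswith(magic):
        return False, "content does not match extension"
    return True, "ok"


def download_headers(stored_name):
    """Response headers that make a browser save the file, never render it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", stored_name)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        # Defence in depth if the response is ever rendered inline.
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }


if __name__ == "__main__":
    # Constructed sample inputs: an HTML page with a script, and a ZIP header.
    html_page = b"<html><script>alert(1)</script></html>"
    docx_stub = b"PK\x03\x04" + b"\x00" * 26
    for fname, body in [("template.html", html_page),
                        ("template.docx", html_page),
                        ("template.docx", docx_stub)]:
        print(fname, validate_template_upload(fname, body))
    print(download_headers("CISO template.docx"))
```

Either control alone stops the behaviour in the report; applying both means a file that slips past the upload check is still delivered as a download rather than rendered in the application's origin.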