Rollout::UI Cross site scripting exploit

CVE: CVE-2021-12345
Category: CWE-79
Price: $500
Severity: High
Author: Hacker123
Risk: High
Exploitation Type: Remote
Date: 2023-05-06
CPE: cpe:cpe:/a:exploitalert:rollout-ui-cross-site-scripting-exploit
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023050012

Below is a copy:

Rollout::UI Cross site scripting exploit
Rollout::UI is a minimalist UI for the rollout gem that you can mount as a Rack app. The gem has a cross-site scripting vulnerability: the feature's name isn't escaped properly in the "Do you really want to delete" confirmation dialog. When the user clicks "Delete", the page runs the script injected through the feature name.

The following PoC triggers a JavaScript alert when the "Delete" button is clicked:

http://<host>/features/'+alert(document.cookie)+'
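Why escaping "properly" matters here, as an added example that is not Rollout::UI's own code: it assumes the dialog is built by an inline onclick handler that places the feature name inside a single-quoted JavaScript string, which is what the shape of the PoC suggests. All helper names are hypothetical. It compares HTML-escaping alone with two context-aware renderings and checks whether the name ends up as code once the browser has entity-decoded the attribute.

```ruby
require "cgi"
require "json"

# Constructed input: the feature name taken from the PoC URL above.
PAYLOAD = "'+alert(document.cookie)+'"

# Hypothetical "before": HTML-escaped only, then dropped into a JS string literal.
def delete_button_html_only(name)
  %Q[<button onclick="return confirm('Do you really want to delete #{CGI.escapeHTML(name)}?')">Delete</button>]
end

# Fix 1: encode for the JS string context first (JSON), then for the attribute context.
def delete_button_js_then_html(name)
  message = JSON.generate("Do you really want to delete #{name}?")
  %Q[<button onclick="return confirm(#{CGI.escapeHTML(message)})">Delete</button>]
end

# Fix 2: keep the name out of script source; a static handler reads it from a data attribute.
def delete_button_data_attr(name)
  %Q[<button data-feature="#{CGI.escapeHTML(name)}" ] +
    %Q[onclick="return confirm('Do you really want to delete ' + this.dataset.feature + '?')">Delete</button>]
end

# The browser entity-decodes the attribute value before the JS engine parses it,
# so &#39; is a plain quote again by the time the handler is compiled.
def handler_source(html)
  CGI.unescapeHTML(html[/onclick="([^"]*)"/, 1])
end

# Matches a single- or double-quoted JS string literal, including backslash escapes.
JS_STRING = /'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"/

# True when the payload's call ends up as code instead of inside a string literal.
def breaks_out?(html)
  handler_source(html).gsub(JS_STRING, "").include?("alert(")
end

if __FILE__ == $PROGRAM_NAME
  %i[delete_button_html_only delete_button_js_then_html delete_button_data_attr].each do |r|
    puts format("%-28s breaks_out=%s", r, breaks_out?(send(r, PAYLOAD)))
  end
end
```

The string-literal check is a deliberately small heuristic for this one payload shape, not a JavaScript parser.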
