Full Disclosure mailing list archives
Centraleyezer: Unrestricted File Upload — [CVE-2019-12311]
From: infinitybuzz via Fulldisclosure <fulldisclosure () seclists org>
Date: Tue, 12 Nov 2019 16:42:30 +0000
Centraleyezer: Unrestricted File Upload — [CVE-2019-12311]

Sandline Centraleyezer (On Premises) allows Unrestricted File Upload leading to Stored XSS.

An HTML page running a script could be uploaded to the server. When a victim tries to download a CISO Report template, the script is loaded.

The attacker could upload an HTML page that runs a script; when the victim tries to download the template, it loads the HTML page with the script.

More Information: https://link.medium.com/l0B0yMxMy1

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
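Added example, not part of the original post and not the vendor's code: one way to close the upload-to-download path described above is to accept only allow-listed template types verified by file signature, and to serve stored files as attachments with content sniffing disabled. The `.docx` allow-list, the function names and the sample bytes are assumptions constructed for illustration.

```python
import os
import re

DOCX_TYPE = ("application/vnd.openxmlformats-officedocument"
             ".wordprocessingml.document")

# Assumption: report templates are Word documents. Map each allowed
# extension to (expected leading bytes, content type to serve it with).
ALLOWED = {".docx": (b"PK\x03\x04", DOCX_TYPE)}

# Constructed sample inputs.
HTML_SAMPLE = b"<html><script>/* constructed sample */</script></html>"
DOCX_SAMPLE = b"PK\x03\x04" + b"\x00" * 26  # only the ZIP signature matters here


def validate_template_upload(filename, data):
    """Return (True, content_type) if accepted, else (False, reason)."""
    name = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(name)[1].lower()
    if ext not in ALLOWED:
        return (False, "extension not allowed: %r" % ext)
    magic, content_type = ALLOWED[ext]
    # The extension is attacker-controlled, so check the file signature too:
    # an HTML page renamed to .docx does not start with the ZIP header.
    if not data.startswith(magic):
        return (False, "content does not match declared type")
    # Serve with the server-chosen type, never the client-supplied one.
    return (True, content_type)


def download_headers(stored_name, content_type):
    """Headers that make the browser save the file instead of rendering it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(stored_name))
    return {
        "Content-Type": content_type,
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
        # Defence in depth if the response is ever rendered inline.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    print(validate_template_upload("ciso_template.html", HTML_SAMPLE))
    print(validate_template_upload("ciso_template.docx", HTML_SAMPLE))
    print(validate_template_upload("ciso_template.docx", DOCX_SAMPLE))
    print(download_headers("ciso_template.docx", DOCX_TYPE))
```
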