LanSweeper - Cross-Site Scripting

EDB-ID: 43149
Author: Miguel Mendez Z
Published: 2017-11-16
CVE: CVE-2017-16841
Type: Webapps
Platform: ASPX
Vulnerable App: N/A

Title: Vulnerability in LanSweeper
Date: 16-11-2017
Status: Vendor contacted, patch available
Author: Miguel Mendez Z
Vendor Homepage:
CVE: CVE-2017-16841

Vulnerability description -------------------------

LanSweeper has XSS via the description parameter to "/Calendar/CalendarActions.aspx".
Take control of the browser using the xss shell or perform malware attacks on users.

Vulnerable variable:



" Software"


Related Posts