Avaya Aura Utility Services Administration - Cross-Site Scripting

By kannthu

Medium
Vidoc Module
#xss #avaya #aura #iot
Description
Author: DhiyaneshDk

Classification
CWE-ID: CWE-80
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVSS-Score: 5.4

Avaya Aura Utility Services Administration contains a cross-site scripting vulnerability. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Reference
- https://blog.assetnote.io/2023/02/01/rce-in-avaya-aura/
- https://download.avaya.com/css/public/documents/101076366

Metadata
max-request: 2
verified: true
shodan-query: html:"Avaya Aura"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/admin/public/login..../acs/..;/admin/publi...
Matching conditions
word: <script>alert(document.domain)</script>,... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability