Zenario 9.7.61188 - Reflected XSS (CVE-2024-45964)
Description:
# A Reflected XSS issue was discovered in Zenario 9.7.61188.
# The vulnerability allows an attacker with access to the admin area (the PoC below uses an administrator account) to inject a script payload through the Organizer tags field when editing an image's properties in the Image library. The payload is executed as soon as the saved properties are rendered back in the panel.
Affected Component:
http://[ip]/zenario-probusiness-9.7/organizer.php?fromCID=1&fromCType=html#zenario__library/panels/image_library//5~.zenario_image~tdetails~k{%22id%22%3A%225%22}
Payload:
<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>
Proof of Concept:
First, log in to the target application with administrator privileges.
Select Menu, then click on the Image library function.
Select the Image properties and link function.
Enter the XSS payload in the Organizer tags field.
Next, click the "Save" button.
The XSS payload executes immediately.
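The steps above describe data entered in a form field being written back into the page unescaped. The following example, added here for illustration and not taken from Zenario or from the advisory, shows the vulnerable rendering pattern beside its hardened form. The span template, the function names renderTagsUnsafe/renderTagsSafe/escapesTemplate and the sample tag values are assumptions made for the demonstration; only the second sample value is the advisory's own payload.

```javascript
// Added illustration for the Organizer-tags XSS above. This is NOT Zenario's
// code: the <span> template, the function names and the sample tags are
// assumptions for the demo. Only SAMPLE_TAGS[1] is the advisory's payload.
const SAMPLE_TAGS = [
  "hero-banner",                                                            // benign tag
  "<script>alert(/Grim The Ripper Team by SOSECURE Thailand/)</script>",  // advisory payload
  'banner" onmouseover="alert(1)',                                          // attribute break-out variant
];

// Escape the five characters that matter in HTML text and attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Vulnerable pattern: the saved tag is concatenated straight into the details
// panel markup, both as attribute value and as element text.
function renderTagsUnsafe(tags) {
  return tags.map((t) => `<span class="tag" title="${t}">${t}</span>`).join("");
}

// Hardened pattern: every untrusted value is escaped before it reaches the template.
function renderTagsSafe(tags) {
  return tags
    .map((t) => {
      const e = escapeHtml(t);
      return `<span class="tag" title="${e}">${e}</span>`;
    })
    .join("");
}

// Demo check: strip the template's own markup and see whether any markup
// characters survive. If they do, untrusted data escaped the template, which
// is exactly the condition a browser turns into script execution.
const TEMPLATE_PARTS = ['<span class="tag" title="', '">', "</span>"];
function escapesTemplate(html) {
  let rest = html;
  for (const part of TEMPLATE_PARTS) rest = rest.split(part).join("");
  return /[<>"]/.test(rest);
}

// Stand-alone usage: the unsafe renderer lets the payload through, the safe one does not.
if (typeof require !== "undefined" && require.main === module) {
  console.log("unsafe breaks template:", escapesTemplate(renderTagsUnsafe(SAMPLE_TAGS)));
  console.log("safe breaks template:  ", escapesTemplate(renderTagsSafe(SAMPLE_TAGS)));
}
```

The check is deliberately tied to the demo's template; in a real application the equivalent test is to save the payload, reload the panel and confirm that the response contains `&lt;script&gt;` rather than `<script>`.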
Author:
Grim The Ripper Team by SOSECURE Thailand