Flexmonster Pivot Table And Charts 2.7.17 Cross Site Scripting

#220
Topic created · 1 Posts · 0 Views
  • Flexmonster Pivot Table and Charts version 2.7.17 suffers from multiple cross site scripting vulnerabilities.
    MD5 | ec2e1c57134445ac1209c351b866228b
    Download

    # Exploit Title: CVE-2020-20140 : Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17  
    # Date: 08/01/2020  
    # Exploit Author: Marco Nappi  
    # Vendor Homepage: n/a  
    # Software Link: n/a  
    # Version:Flexmonster Pivot Table & Charts 2.7.17  
    # Tested on:Flexmonster Pivot Table & Charts 2.7.17  
    # CVE : CVE-2020-20140  
    Reflected XSS:  
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.  
    payload:  
    <svg onload=alert("OpenRemoteReport")><!--  
    -------  
    # Exploit Title: CVE-2020-20139 : Cross Site Scripting (XSS) vulnerability in the Remote JSON component   
    # Date: 08/01/2020  
    # Exploit Author: Marco Nappi  
    # Vendor Homepage: n/a  
    # Software Link: n/a  
    # Version:Flexmonster Pivot Table & Charts 2.7.17  
    # Tested on:Flexmonster Pivot Table & Charts 2.7.17  
    # CVE : CVE-2020-20139  
    Reflected XSS:  
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.  
    payload:  
    <svg onload=alert("OpenRemoteJSON")><!--  
    -------  
    # Exploit Title: CVE-2020-20141 : Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.  
    # Date: 08/01/2020  
    # Exploit Author: Marco Nappi  
    # Vendor Homepage: n/a  
    # Software Link: n/a  
    # Version:Flexmonster Pivot Table & Charts 2.7.17  
    # Tested on:Flexmonster Pivot Table & Charts 2.7.17  
    # CVE : CVE-2020-20141  
    Reflected XSS:  
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.  
    payload:  
    <svg onload=alert("OLAPTool")><!--  
    -------  
    # Exploit Title: CVE-2020-20138 : Reflected XSS in Cms Made Simple module "Showtime2 Slideshow"  
    # Date: 08/01/2020  
    # Exploit Author: Marco Nappi  
    # Vendor Homepage: n/a  
    # Software Link: [download link if available]  
    # Version:Cms Made Simple - 2.2.4   
    # Tested on:Cms Made Simple - 2.2.4  
    # CVE : CVE-2020-20138  
    Reflected XSS:  
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.  
    example : http://<HOST>/admin/moduleinterface.php?mact=Showtime2%2Cm1_%2Caddslides%2C0&_sk_=8a5db6575606c958c74&m1_showid=1&m1_module_message=%3Csvg%20onload=alert()%3E  
    -------  
    # Exploit Title: CVE-2020-20142 :Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.  
    # Date: 08/01/2020  
    # Exploit Author: Marco Nappi  
    # Vendor Homepage: n/a  
    # Software Link: n/a  
    # Version:Flexmonster Pivot Table & Charts 2.7.17  
    # Tested on:Flexmonster Pivot Table & Charts 2.7.17  
    # CVE : CVE-2020-20142  
    Reflected XSS:  
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.  
    payload:  
    <svg onload=alert("OpenRemoteCSV")><!--  
    

    Source: packetstormsecurity.com

Log in to reply