
Stored XSS in unifi.ubnt.com

Ubiquiti Inc.
Submitted None

Vulnerability Details

Technical details and impact analysis

Cross-site Scripting (XSS) - Generic
Dear @ubnt-matt,

I've found a stored XSS in unifi.ubnt.com

## Steps to reproduce:

```
Step 1: Login to unifi.ubnt.com
Step 2: Connect latest unifi controller with unifi.ubnt.com via cloud access.
Step 3: Create site with any name in that controller.
Step 4: Click on launch site in unifi.ubnt.com, then you will again be redirected to unifi.ubnt.com with controls.
Step 5: Create Network with xss payload "><img src=x onerror=prompt(document.cookie)>
Step 6: XSS will execute.
```

**Note:** force WebRTC should be enabled.

I've attached a screenshot of the same. Let me know if you need more info.

Best Regards,
Shubham
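The following is an added example, not part of the original report and not Ubiquiti's code. It assumes the stored network name is concatenated into an HTML attribute and element text (the leading `">` in the reported payload suggests an attribute breakout), and shows that pattern beside an output-encoded version; the function names and the sample record are hypothetical.

```javascript
// Added example: hypothetical rendering of a stored network name.
// renderNetworkRowUnsafe / renderNetworkRowSafe are illustrative names,
// not UniFi code.

// Constructed sample record, using the payload quoted in the report.
const storedNetwork = {
  id: 7,
  name: '"><img src=x onerror=prompt(document.cookie)>',
};

// Vulnerable pattern: stored value concatenated straight into markup.
// The leading "> closes the title attribute and the tag, so the rest
// is parsed as a new element carrying an event handler.
function renderNetworkRowUnsafe(net) {
  return '<td title="' + net.name + '">' + net.name + '</td>';
}

// Encode the five characters that can change HTML parsing context.
// Sufficient for element text and quoted attribute values only; it is
// not a defence for script, URL or unquoted-attribute contexts.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened pattern: encode at the point of output, every time the
// stored value is written into markup.
function renderNetworkRowSafe(net) {
  const name = escapeHtml(net.name);
  return '<td title="' + name + '">' + name + '</td>';
}

// Crude structural check for this demo: count tag openings in the output.
// A correctly encoded row contains only the <td> and </td> the template wrote.
function countTags(html) {
  return (html.match(/<\/?[a-zA-Z]/g) || []).length;
}

console.log('unsafe tags:', countTags(renderNetworkRowUnsafe(storedNetwork)));
console.log('safe tags:  ', countTags(renderNetworkRowSafe(storedNetwork)));
```

Because the value is stored, the encoding has to happen wherever the name is rendered, including views reached through the cloud portal, not only on the form that accepts it.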

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Cross-site Scripting (XSS) - Generic