Jolokia Reflected XSS
Medium
M
Mars
Submitted None
Team Summary
Official summary from Mars
A Cross-Site Scripting (XSS) vulnerability is present in the Jolokia endpoint at ███████. User-supplied data is not properly sanitized before being reflected back, allowing an attacker to inject malicious JavaScript code that gets executed in the victim's browser.
Actions:
Reported by
ramzanrl
Vulnerability Details
Technical details and impact analysis
## Summary:
(salam)
Hi team i hope you are well , after doing some recon on ███████ i saw that the website use jolkia 1.3.5 it's vulnerable to reflected XSS
## Steps To Reproduce:
1. Vuln Link : ████:
CVE-2018-1000129
Jolkia - Version
████████
##POC
█████████
## Impact
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:
Perform any action within the application that the user can perform.
View any information that the user is able to view.
Modify any information that the user is able to modify.
Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2018-1000129
UNKNOWN
An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious javascript in the victim's browser.
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Cross-site Scripting (XSS) - Reflected