Reflected XSS on Amazon EC2 Instance
High
AWS VDP
Reported by
perigou
Vulnerability Details
Technical details and impact analysis
Product: Amazon Elastic Compute Cloud (Amazon EC2)
Vulnerability Type: Reflected Cross-Site Scripting (XSS)
CVE: CVE-2022-29548
Severity: Medium
Description:
A reflected XSS vulnerability was discovered on the Amazon EC2 instance, allowing an attacker to inject malicious JavaScript code, potentially leading to unauthorized access to sensitive data or system compromise.
Proof of Concept:
URL: ███████);alert(document.domain)//
## Impact
The payload is injected into the errorCode parameter, which is reflected back to the user without proper validation or sanitization. This allows an attacker to execute arbitrary JavaScript code in the context of the vulnerable page.
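The reflection described above, as an added example (not code from the report or the affected product): a hypothetical error-page renderer in which `errorCode` lands unquoted inside an inline script call, shown beside a hardened version. The inline-script sink and the names `showError`, `renderErrorVulnerable`, `renderErrorHardened`, `validateErrorCode` and `encodeForInlineScript` are assumptions; the sample input is the PoC suffix from the report.

```javascript
// Hypothetical renderer. Assumption: the server writes errorCode into an
// inline <script> block as an argument to a client-side showError() call.

// Vulnerable form: the raw query value becomes part of the script source,
// so a value starting with ")" closes the call and appends its own statement.
function renderErrorVulnerable(errorCode) {
  return `<script>showError(${errorCode});</script>`;
}

// Mitigation 1: allow-list validation. Error codes are short identifiers,
// so anything outside that shape is replaced with a fixed value.
const ERROR_CODE_RE = /^[A-Za-z0-9_.-]{1,64}$/;
function validateErrorCode(value) {
  return typeof value === 'string' && ERROR_CODE_RE.test(value)
    ? value
    : 'unknown';
}

// Mitigation 2: encode for the output context. JSON.stringify produces a
// quoted JS string literal; escaping <, >, & and U+2028/U+2029 keeps a
// value such as "</script>" from terminating the script element.
function encodeForInlineScript(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Hardened form: validate first, then encode, so either control alone
// still prevents the value from being parsed as code.
function renderErrorHardened(errorCode) {
  const safe = encodeForInlineScript(validateErrorCode(errorCode));
  return `<script>showError(${safe});</script>`;
}

// Sample input: the payload suffix shown in the report's proof of concept.
const SAMPLE = ');alert(document.domain)//';

console.log(renderErrorVulnerable(SAMPLE));
console.log(renderErrorHardened(SAMPLE));
console.log(renderErrorHardened('E_401'));
```

A Content-Security-Policy that disallows inline script would add a further layer, but the fix for the reflected parameter itself is the validation and encoding shown here.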
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2022-29548
MEDIUM
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key …
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Reflected XSS