PT-2024-25996 · Sunhillo · Sunhillo Sureline
Silent6Trinity · Published 2024-05-16 · Updated 2024-07-03 · CVE-2024-34582
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sunhillo SureLine versions through 8.10.0
Description
The issue is a cross-site scripting (XSS) vulnerability in the Forgot Password feature, exposed through the /cgi/usrPasswd.cgi endpoint. It can be exploited via the userid change parameter handled by that endpoint.
Recommendations
For Sunhillo SureLine versions through 8.10.0, consider disabling the Forgot Password feature until a patch is available. Restrict access to the /cgi/usrPasswd.cgi endpoint to minimize the risk of exploitation, and avoid using the userid change parameter of the affected endpoint until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Sunhillo Sureline