漏洞描述
IBM Aspera Console是美国国际商业机器(IBM)公司的一个基于 Web 的应用程序。允许用户集中管理、监控和控制 Aspera 服务器(节点)和传输。 IBM Aspera Console 3.4.4及之前版本存在跨站脚本漏洞,该漏洞源于允许嵌入任意JavaScript代码,可能导致凭据泄露。
IBM Aspera Console 跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- POC cockroachdb-unauth-exposure: CockroachDB Unauthenticated Console Exposure
- Apache ActiveMQ Artemis Console存在默认账号密码
- POC CVE-2015-3224: Ruby on Rails Web Console - Remote Code Execution
- POC CVE-2018-17431: Comodo Unified Threat Management Web Console - Remote Code Execution
- POC CVE-2018-19439: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
- POC CVE-2019-2729: Oracle WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-14883: Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution
- POC CVE-2020-17453: WSO2 Carbon Management Console <=5.10 - Cross-Site Scripting
- POC CVE-2021-41266: MinIO Operator Console Authentication Bypass
- POC CVE-2022-24856: Flyte Console <0.52.0 - Server-Side Request Forgery
- POC CVE-2022-47986: IBM Aspera Faspex <=4.4.2 PL1 - Remote Code Execution
- POC CVE-2023-32315: Openfire Administration Console - Authentication Bypass
- POC CVE-2024-50498: WP Query Console <= 1.0 - Remote Code Execution