APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.
References
Link | Resource |
---|---|
https://github.com/its-a-feature/Apfell/commit/5fc64502bc008388514f2b5d1160b677e3b4a7f3 | Patch Third Party Advisory |
https://seekurity.com/blog/2020/04/19/admin/advisories/apfell-post-exploitation-red-team-framework-authenticated-cross-site-scripting-vulnerability | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-01-22T20:44:42
Updated: 2021-01-22T20:44:42
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-23014
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-01-26T18:15:42.257
Modified: 2021-01-29T22:44:40.257
Link: CVE-2020-23014
JSON object: View
Redhat Information
No data.
CWE