Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-3320. PoCs published by M. Heinzl.
AI-analyzed exploit summary: This exploit demonstrates a cross-site scripting (XSS) vulnerability in NetApp OnCommand System Manager by injecting malicious HTML/script code into the 'full-name' parameter of a POST request. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected browser.
Description
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
Exploits (2)
This exploit demonstrates a cross-site scripting (XSS) vulnerability in NetApp OnCommand System Manager by injecting malicious HTML/script code into the 'full-name' parameter of a POST request. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the affected browser.
This exploit demonstrates an XSS vulnerability in NetApp OnCommand System Manager by injecting malicious HTML/JS into the 'domain-name' parameter of a POST request to the zapiServlet endpoint. The payload triggers an alert dialog, proving arbitrary script execution in the context of the affected browser.
References (3)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N