CVE-2013-6882

CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Cross-Site Scripting via Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6882. PoCs published by Martin Wundram.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.

Exploits (1)

exploitdb WRITEUP

by Martin Wundram · textwebappsphp

https://www.exploit-db.com/exploits/30396

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Ditto Forensic FieldStation, including OS command injection (CVE-2013-6881), persistent XSS (CVE-2013-6882), CSRF (CVE-2013-6883), and others. It provides examples, CVSS scores, and mitigation steps but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Other

Complexity

Moderate

Reliability

Theoretical

Target: Ditto Forensic FieldStation <= 2013Oct15a

No auth needed

Prerequisites: Network access to the vulnerable device

MITRE ATT&CK