CVE-2017-13754

MEDIUM

CodeMeter < 6.50a - Cross-Site Scripting via Time Server Configuration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13754. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Wibu Systems AG CodeMeter WebAdmin v6.50, where an attacker can inject malicious script code into the 'server name' input field of the 'advanced settings - time server' module. The payload is saved and executed on each visit to the affected pages.

Description

Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsmultiple

https://www.exploit-db.com/exploits/42610

View Code ZIP pw:eip

This exploit demonstrates a persistent XSS vulnerability in Wibu Systems AG CodeMeter WebAdmin v6.50, where an attacker can inject malicious script code into the 'server name' input field of the 'advanced settings - time server' module. The payload is saved and executed on each visit to the affected pages.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Wibu Systems AG CodeMeter WebAdmin v6.50

Auth required

Prerequisites: Privileged web-application user account · Access to the CodeMeter WebAdmin interface

MITRE ATT&CK