The document describes a stored XSS vulnerability in the Planet FPS-1101 Print Server's web interface, specifically in the 'NDSContext' field of the NetWare NDS Settings. The PoC demonstrates how an attacker can inject arbitrary script code, which executes when a user accesses the NetWare status page.
Classification
Writeup 100%
Target:
Planet FPS-1101 10/100Mbps Direct Attached Print Server (Firmware: 8.03.30A 0013, 8.03.30A 0007)
No auth needed
Prerequisites:
Network access to the vulnerable device · User interaction to trigger the XSS payload