Cross-site Scripting (XSS) - Reflected in azuracast/azuracast
Aug 27th 2021
The application is vulnerable to reflected HTML injection.
🕵️‍♂️ Proof of Concept
Open the following page in the browser as admin. The page is vulnerable to HTML injection.
An iframe is injected into the page using the HTML injection vulnerability.
HTML injection is a type of injection vulnerability that occurs when a user can control an input point and inject arbitrary HTML code into a vulnerable web page. This vulnerability can have many consequences, such as disclosure of a user’s session cookies, which could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.
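The reflection described above, next to its output-encoded form and a regression check that parses the response for elements the input introduced. This is an added example, not code from the report or from AzuraCast; the `message` parameter, the template and the sample query are constructed for illustration.

```python
from collections import Counter
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Constructed input: parameter name, template and query are assumptions
# for illustration, not taken from AzuraCast.
SAMPLE_QUERY = ("message=%3Ciframe+src%3D%22https%3A%2F%2Fexample.invalid"
                "%2F%22%3E%3C%2Fiframe%3E")
TEMPLATE = '<html><body><div class="alert">{message}</div></body></html>'


def _param(query: str) -> str:
    return parse_qs(query).get("message", [""])[0]


def render_vulnerable(query: str) -> str:
    """Reflects the parameter into the page without encoding."""
    return TEMPLATE.format(message=_param(query))


def render_fixed(query: str) -> str:
    """Same page, with the value HTML-encoded before it is written out."""
    return TEMPLATE.format(message=escape(_param(query), quote=True))


class TagCollector(HTMLParser):
    """Records every element an HTML parser creates from the response."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def elements_in(page: str) -> Counter:
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return Counter(collector.tags)


def injected_elements(page: str) -> list:
    """Elements in the response that the empty-input page does not contain."""
    baseline = elements_in(render_fixed(""))
    return sorted((elements_in(page) - baseline).elements())
```

Run as a regression test against every page that echoes request data, the check fails as soon as a reflected value produces markup instead of text.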