CVE-2021-30119: Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
First published: Fri Jul 09 2021(Updated: )
Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078`
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Kaseya VSA | <9.5.7 |
Remedy
Upgrade to a version above 9.5.6
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/title
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- vendor/kaseya
- canonical/kaseya vsa