Authenticated Stored XSS in IPFire Captive Portal via Title of Login Page Text Box or TITLE Parameter

CVE-2020-19202 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

An authenticated stored cross-site scripting (XSS) vulnerability exists in the "captive.cgi" Captive Portal of IPFire 2.21 (x86_64) - Core Update 130, via the "Title of Login Page" text box or the "TITLE" parameter. It allows an authenticated WebGUI user with privileges to execute stored cross-site scripting in the Captive Portal page.
