https://blog.munz4u.de/tags/rxss/ Recent content in Rxss on Marc-Oliver Munz Hugo en-us <a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a> Wed, 08 Mar 2023 12:00:00 +0100 https://blog.munz4u.de/posts/2023/03/cve-2023-25295-ato-via-rxss-in-evewa3-community/ Wed, 08 Mar 2023 12:00:00 +0100 https://blog.munz4u.de/posts/2023/03/cve-2023-25295-ato-via-rxss-in-evewa3-community/ <style> table { width: 100%; border-collapse: collapse; margin-bottom: 20px; /* Optional: Add some spacing between the table and other elements */ } th, td { padding: 10px; border: 1px solid #ddd; text-align: left; } @media screen and (max-width: 600px) { th, td { display: block; width: 100%; box-sizing: border-box; } } </style> <h2 id="tldr">TL;DR</h2> <p>The GRÜN eVEWA Community versions 31 to 53 were susceptible to a reflected Cross-Site Scripting (rXSS) vulnerability in the login form. This vulnerability enables attackers to acquire escalated privileges by submitting a crafted request to the login panel. To address this issue, a security patch labeled &ldquo;H1&rdquo; has been applied across versions 31 to 53.</p>