Exploit for RealGimm by GruppoSCAI v1.1.37p38 - Cross-Site Scripting (CVE-2023-41642)

Description:

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary JavaScript in the context of a victim user’s browser via a crafted payload injected into the VIEWSTATE parameter.

Nuclei Template

View the template here: CVE-2023-41642.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-41642.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2023-41642
https://github.com/CapgeminiCisRedTeam/Disclosure/blob/f7aafa9fcd4efa30071c7f77d3e9e6b14e92302b/CVE%20PoC/CVE-2023-41642%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md
https://github.com/CapgeminiCisRedTeam/Disclosure/blob/main/CVE%20PoC/CVE-ID%20%7C%20RealGimm%20%20-%20Reflected%20Cross-site%20Scripting.md