Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6
CVE-2021-30119

5.4MEDIUM

Key Information:

Vendor

Kaseya

Status
Vsa
Vendor
CVE Published:
9 July 2021

What is CVE-2021-30119?

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script> The same is true for the parameter FileName of /done.asp Eaxmple request: https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078

References

https://csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/
x_refsource_CONFIRM
https://csirt.divd.nl/DIVD-2021-00011
x_refsource_CONFIRM
https://csirt.divd.nl/CVE-2021-30119
x_refsource_CONFIRM

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Discovered by Wietse Boonstra of DIVD
Additional research by Frank Breedijk and Hidde Smit of DIVD
.