Redwood v4.3.4.5-v4.5.3 XSS

Published on

10 Jan 2022

Vulnerability

Description

A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.

Recommendation

Update Redwood to the latest version.

Experience the Beagle Security platform

Unlock one full penetration test and all Advanced plan features free for 10 days

Related Articles

Information sent using unencrypted channels

Information sent using unencrypted channels

Manieendar Mohan

Cyber Security Lead Engineer

Information leakage of the web application's directory or folder path

Information leakage of the web application's directory or folder path

Cyber Security Lead Engineer

Information leakage using meta tag

Information leakage using meta tag

Cyber Security Engineer

Sensitive data exposure

Sensitive data exposure

Cyber Security Lead Engineer

Potentially dangerous file

Potentially dangerous file

Cyber Security Lead Engineer

Symfony database configuration exposure

Symfony database configuration exposure

Cyber Security Engineer

Test for checking file uploads

Test for checking file uploads

Co-founder, Director

TLS OpenSSL compatibility

TLS OpenSSL compatibility

Cyber Security Engineer

The SWEET32 attack

The SWEET32 attack

Co-founder, Director

Server-Side Includes (SSI) injection

Server-Side Includes (SSI) injection

Cyber Security Lead Engineer

Webflow subdomain takeover detection

Webflow subdomain takeover detection

Cyber Security Engineer

WebDAV detection

WebDAV detection

Co-founder, Director

Content Security Policy (CSP) header not implemented

Content Security Policy (CSP) header not implemented

Cyber Security Engineer

XML-RPC (Remote Procedure Call)

XML-RPC (Remote Procedure Call)

Manieendar Mohan

Cyber Security Lead Engineer

Parameter tampering attack

Parameter tampering attack

Cyber Security Engineer