Cross-site scripting was also discovered in this application, allowing attackers to inject arbitrary scripts into affected websites. The application does not specify a language for permission requests, allowing users to change the language to Russian and force the application to execute scripts in Russian. This could lead to the installation of malicious software on the system of a Russian user. The application also does not specify a mode for the request, allowing users to change the mode to Russian and causing the application to execute code in Russian. In total, these issues could lead to a Man-In-The-Middle attack, allowing an attacker to hijack any website that uses this application.

Vulnerability Finding Methodology

This vulnerability was discovered by the Vulnerability Lab during a routine scan of the official application website.
The vulnerability was reported to the vendor, and a fix has been provided.

Vulnerability Overview

This vulnerability in the application allows different parties to hijack websites that allow users to create a form with this application. By injecting a malicious script into a request, an attacker could force the website to execute arbitrary code or potentially install malware on the system of an unsuspecting user.

Known Vulnerabilities

Cross-site scripting was also discovered in this application. This allows attackers to inject scripts into any website that the application is used with. If Russian users are exploited, malicious software could be installed on the system of a Russian user. The app also does not specify a mode for requesting permissions, which could allow an attacker to change the mode to Russian, allowing the application to execute code in Russian. These vulnerabilities can lead to a Man-In-The-Middle attack, allowing an attacker to hijack any website that uses this application.

Timeline

Published on: 08/25/2022 22:15:00 UTC
Last modified on: 08/27/2022 02:29:00 UTC
