CVE-2024-22780
[Description] Cross Site Scripting vulnerability in CA17 TeamsACS v.1.0.1 allows a remote attacker to execute arbitrary code via a crafted script to the errmsg parameter.
[Vulnerability Type] Cross Site Scripting (XSS)
[Vendor of Product] CA17
[Affected Product Code Base] https://github.com/CA17/TeamsACS - 1.0.1
[Affected Component] errmsg parameter in the /login endpoint
[Attack Type] Remote
[Impact Code execution] true
[Impact Information Disclosure] true
[Attack Vectors] Exploitation requires the victim to click on a specially crafted URL (e.g. address:port/login?errmsg={ANY_HTML_TAG})
[Discoverer] fuomag9
[Reference] http://ca17.com https://github.com/CA17/TeamsACS
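
The bug class named in [Affected Component] and [Attack Vectors], shown as an added example that is not TeamsACS code: a hypothetical Go `/login` handler that reflects `errmsg` verbatim, next to one that renders it through `html/template`. The handler names, form markup and probe value are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Hypothetical login page markup; not the project's actual template.
var loginTmpl = template.Must(template.New("login").Parse(
	`<form method="post" action="/login">{{if .}}<p class="error">{{.}}</p>{{end}}</form>`))

// unsafeLogin shows the bug class: errmsg is concatenated into the HTML response verbatim.
func unsafeLogin(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprintf(w, `<form method="post" action="/login"><p class="error">%s</p></form>`,
		r.URL.Query().Get("errmsg"))
}

// safeLogin renders errmsg through html/template, which escapes it for the
// HTML text context, and adds a restrictive CSP as defence in depth.
func safeLogin(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("Content-Security-Policy", "default-src 'self'")
	if err := loginTmpl.Execute(w, r.URL.Query().Get("errmsg")); err != nil {
		http.Error(w, "template error", http.StatusInternalServerError)
	}
}

// render calls a handler in-process with the given errmsg and returns the body.
func render(h http.HandlerFunc, errmsg string) string {
	req := httptest.NewRequest(http.MethodGet, "/login", nil)
	q := req.URL.Query()
	q.Set("errmsg", errmsg)
	req.URL.RawQuery = q.Encode()
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

func main() {
	const probe = "<b>constructed</b>" // constructed, inert sample input
	fmt.Println("unsafe:", render(unsafeLogin, probe))
	fmt.Println("safe:  ", render(safeLogin, probe))
	fmt.Println("markup reflected by unsafe handler:",
		strings.Contains(render(unsafeLogin, probe), probe))
}
```

The same `render` helper can serve as a regression test against a patched handler: the response must contain the probe only in entity-escaped form.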