cve/2021/CVE-2021-46355.md

CVE-2021-46355

Description

OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS).

POC

Reference

• https://medium.com/@windsormoreira/ocs-inventory-2-9-1-cross-site-scripting-xss-cve-2021-46355-a88d72606b7e

Github

• https://github.com/ARPSyndicate/cvemon