cve/2023/CVE-2023-6710.md

CVE-2023-6710

Description

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.

POC

Reference

No PoCs from references.

Github

• https://github.com/DedSec-47/CVE-2023-6710
• https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710
• https://github.com/NaInSec/CVE-LIST
• https://github.com/fkie-cad/nvd-json-data-feeds
• https://github.com/nomi-sec/PoC-in-GitHub