Presentation

A XSS exploit is possible in eonweb, the injection parameter is url. An authentificated used can execute arbitary javascript commands in the eonweb interafce for example. This exploit need an authentification and is more relevant of a pishing attack. This is why it is not consider as a real threat.

Exploit

We have no knowledge of an exploit today.

Impacted Version(s)

EON 5.3 (All versions from 5.3-8)

Fixed Version(s)

Every Eon version from :

EON 5.3-9

Fix

Download latest EON fixed version.

https://github.com/EyesOfNetworkCommunity/eonweb/issues/67