SynaMan 4.0 build 1488 - (Authenticated) Cross-Site Scripting
Author: bzyo
type: webapps
platform: windows
port:
date_added: 2018-09-12
date_updated: 2019-03-17
verified: 0
codes: CVE-2018-10763
tags: Cross-Site Scripting (XSS)
aliases:
screenshot_url:
application_url: http://www.exploit-db.comSynaManInstaller_v40v.zip
# Exploit Author: bzyo
# CVE: CVE-2018-10763
# Twitter: @bzyo_
# Exploit Title: SynaMan 4.0 - Authenticated Cross Site Scripting (XSS)
# Date: 09-12-18
# Vulnerable Software: SynaMan 4.0 build 1488
# Vendor Homepage: http://web.synametrics.com/SynaMan.htm
# Version: 4.0 build 1488
# Software Link: http://web.synametrics.com/SynaManDownload.htm
# Tested On: Windows 7 x86
Description
-----------------------------------------------------------------
SynaMan 4.0 suffers from Authenticated Cross Site Scripting (XSS)
Prerequisites
-----------------------------------------------------------------
Admin access to the SynaMan web console
Proof of Concept
-----------------------------------------------------------------
From Configuration > Advanced Configuration > Partial Branding
- Main heading
- Sub heading
If one applies the following XSS payload in either of these fields, alert pop-ups showing "xss" appear on navigation throughout the web app:
<script>alert("xss");</script>
While Chrome does block the XSS payload on apply, the payload is still stored: simply hit the back button and select "Explore".
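
The control missing here is output encoding of the two branding fields when they are rendered on each page. The following is an added example (not SynaMan code and not part of the original advisory) that contrasts rendering the stored headings as markup with encoding them at output time, plus a check that flags stored values containing markup; all function names, field names and sample settings are hypothetical.

```javascript
// Added example with hypothetical names; this is not SynaMan's code.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode a value for an HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored branding text is concatenated into every page as markup.
function renderHeaderUnsafe(branding) {
  return `<h1>${branding.mainHeading}</h1><h2>${branding.subHeading}</h2>`;
}

// Hardened pattern: encode at output time, so values that are already
// stored are rendered as text rather than interpreted by the browser.
function renderHeaderSafe(branding) {
  return `<h1>${escapeHtml(branding.mainHeading)}</h1><h2>${escapeHtml(branding.subHeading)}</h2>`;
}

// Audit helper: list branding fields whose stored value contains markup
// characters, e.g. to review what was saved before a fix was deployed.
function findSuspectBrandingFields(branding) {
  return Object.entries(branding)
    .filter(([, value]) => /[<>]/.test(String(value)))
    .map(([name]) => name);
}

// Constructed sample settings; the sub heading holds the payload shown on this page.
const sampleBranding = {
  mainHeading: "Acme File Share",
  subHeading: '<script>alert("xss");</script>',
};

console.log(renderHeaderUnsafe(sampleBranding)); // script element reaches the page
console.log(renderHeaderSafe(sampleBranding));   // payload is shown as inert text
console.log(findSuspectBrandingFields(sampleBranding));
```

Encoding at render time, rather than only filtering on save, also neutralizes values that were stored before the fix.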
Timeline
---------------------------------------------------------------------
05-07-18: Vendor notified of vulnerabilities
05-08-18: Vendor responded and will fix
07-25-18: Vendor fixed in new release
09-12-18: Submitted public disclosure