Miliaris Amigdala Cross-Site Scripting Vulnerability

A cross-site scripting (XSS) vulnerability has been identified in Miliaris Amigdala version 2.2.6. This vulnerability allows attackers to execute arbitrary HTML in the context of a user's browser by using a crafted payload. The issue arises in the data resource management function, where the vulnerable parameter 'mailSessionId' can be exploited to inject malicious scripts.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute arbitrary JavaScript in the victim's browser. This could be used to steal cookies, session tokens, or other sensitive information accessible to the user.

Reproduction

To reproduce this vulnerability, send a request to the data resource management function of the Miliaris Amigdala web application version 2.2.6. Include a crafted payload in the 'mailSessionId' parameter that injects the desired HTML or JavaScript. When the payload is executed, it will run in the context of the user's browser, demonstrating the cross-site scripting vulnerability.