Provide Server v. 14.4

CWE-79: Improper Neutralization of Input During Web Page Generation

Unauthenticated stored XSS in the server log, delivered via the username field of the login form

CWE-352: Cross-Site Request Forgery

The CSRF token is exposed in JavaScript, which makes it possible to obtain a valid CSRF token and use it in XMLHttpRequests. CSRF can then be used to add a task that runs commands on the server as "NT-System".

POC Video