{"id":14844,"date":"2025-08-28T13:53:22","date_gmt":"2025-08-28T13:53:22","guid":{"rendered":"http:\/\/localhost\/?p=14844"},"modified":"2025-08-28T13:53:22","modified_gmt":"2025-08-28T13:53:22","slug":"beakon-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=14844","title":{"rendered":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951"},"content":{"rendered":"

{“lastseen”:”2025-08-28T18:31:35″,”description”:”Beakon…………………………”,”published”:”2025-08-28T00:00:00″,”modified”:”2025-08-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beakon Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:208951″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55372″],”sourceData”:”Title: Cross Site Scripting\/Phishing Delivery through File upload in Beakon versions prior to 5.4.3\\n \\n Description:\\n \\n The vulnerability exists due to insufficient validation of uploaded file types or names in the Beakon Application. An attacker can bypass the file extension allowed list and upload HTML contents including scripts. This uploaded file, containing malicious script content (for XSS) or deceptive content (for phishing), is then stored on the server and can be accessed via a specific URL. When another user (e.g., an administrator or another user viewing the attacker s profile\/content) accesses this file, the script executes in their browser (Stored XSS), or they are presented with a phishing page.\\n \\n Source Name:\/Email: g30ff1r1\\n CVE: CVE-2025-55372 (Reserved for now)\\n Affected Software: Beakon Software\\n Affected Versions: versions prior to 5.4.3\\n Software URL: https:\/\/beakon.com.au\/, https:\/\/beakon.io\/\\n \\n Proof of Concept\/Content:\\n \\n Attacker can bypass the file extension to upload malicious HTML file which can be used for delivering phishing contents , XSS attacks. A two-stage vulnerability chain enables attackers to upload and actively render malicious HTML files by abusing both:\\n \\n 1. A filename extension bypass (e.g., appending a dot at the end of the allowed extension)\\n \\n 2. A rendering control parameter (download=0) used in the file preview logic, attacker can deliver the malicious URL or wait for victim to browse \/file\/preview?id=\\u003cmalicious_file_id\\u003e\\u0026download=0\\n \\n This enables delivery of stored XSS payloads or phishing pages under the application’s trusted domain.”,”sourceHref”:”https:\/\/packetstorm.news\/download\/208951″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/208951\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2025-08-28T18:31:35″,”description”:”Beakon…………………………”,”published”:”2025-08-28T00:00:00″,”modified”:”2025-08-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beakon Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:208951″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55372″],”sourceData”:”Title: Cross Site Scripting\/Phishing Delivery through File upload in Beakon versions prior to 5.4.3\\n \\n Description:\\n \\n The vulnerability exists due…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-14844","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=14844\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2025-08-28T18:31:35″,”description”:”Beakon…………………………”,”published”:”2025-08-28T00:00:00″,”modified”:”2025-08-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beakon Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:208951″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55372″],”sourceData”:”Title: Cross Site Scripting\/Phishing Delivery through File upload in Beakon versions prior to 5.4.3n n Description:n n The vulnerability exists due...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=14844\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-08-28T13:53:22+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951\",\"datePublished\":\"2025-08-28T13:53:22+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844\"},\"wordCount\":372,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14844#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844\",\"name\":\"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-08-28T13:53:22+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=14844\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=14844#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=14844","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem","og_description":"{“lastseen”:”2025-08-28T18:31:35″,”description”:”Beakon…………………………”,”published”:”2025-08-28T00:00:00″,”modified”:”2025-08-28T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Beakon Cross Site Scripting”,”source”:””,”references”:””,”id”:”PACKETSTORM:208951″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[“CVE-2025-55372″],”sourceData”:”Title: Cross Site Scripting\/Phishing Delivery through File upload in Beakon versions prior to 5.4.3n n Description:n n The vulnerability exists due...","og_url":"https:\/\/zero.redgem.net\/?p=14844","og_site_name":"zero redgem","article_published_time":"2025-08-28T13:53:22+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=14844#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=14844"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951","datePublished":"2025-08-28T13:53:22+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=14844"},"wordCount":372,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=14844#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=14844","url":"https:\/\/zero.redgem.net\/?p=14844","name":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-08-28T13:53:22+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=14844#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=14844"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=14844#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 Beakon Cross Site Scripting_PACKETSTORM:208951"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14844","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14844"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/14844\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14844"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14844"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14844"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}