CVEs-PoC/2020/CVE-2020-23014.md

### [CVE-2020-23014](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23014)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

APfell 1.4 is vulnerable to authenticated reflected cross-site scripting (XSS) in /apiui/command_ through the payloadtypes_callback function, which allows an attacker to steal remote admin/user session and/or adding new users to the administration panel.

### POC

#### Reference
- https://seekurity.com/blog/2020/04/19/admin/advisories/apfell-post-exploitation-red-team-framework-authenticated-cross-site-scripting-vulnerability

#### Github
No PoCs found on GitHub currently.