Headline
CVE-2021-25989: WhiteSource Vulnerability Database
In “ifme�, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.
Overview
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them.
Details
IFme has stored XSS vulnerability in the editor, which can be exploited by making a victim a Leader of a group which triggers the payload for them.
PoC Details
In the normal window, Access the application by going to http://localhost:3000/users/sign_in and login with admin creds. Go to http://localhost:3000/groups/depression-discussion-group and join the group (press the door logo). Now, in the incognito window, go to http://localhost:3000/users/sign_in and login as a normal user. No go to http://localhost:3000/groups/depression-discussion-group/edit and enter the payload (given in the PoC Code section) in the content and tick the checkbox to make the Admin User as one of the leaders. Now submit it. Now in the normal window, where the admin is logged in, access the url http://localhost:3000/groups/depression-discussion-group/edit and we see that xss gets triggered.
PoC Code
<img src=1 onerror="javascript:alert(1)"></img>
Affected Environments
1.0.0 to v7.31.4
Prevention
Update to version v7.32