CVE-2023-34830: GitHub - leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below
i-doit Open v24 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the timeout parameter on the login page.
CVE-2023-34830 - Reflected XSS found in i-doit Open v24 and below
i-doit Open v24 and below are vulnerable to a reflected XSS vulnerability. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML.
Description of product : i-doit is a web-based open-source IT documentation and CMDB (Configuration Management Database) developed by synetics GmbH.
Description of vulnerability : We found that this web application allows any authenticated user to inject arbitrary web script or HTML into the affected parameter.
Affected Webpage : main login page
Affected Parameter&Component : ?timeout
Step 1 : Add ?timeout after the main login page URL. The screenshot below shows the error message after inserting the ?timeout parameter.
Step 2 : Add the XSS payload after ?timeout, then log in with valid credentials. As this is a reflected XSS, the result is reflected back after you have successfully logged in.
payload used : a19yc%22%3e%3cscript%3ealert(%22THIS%20IS%20XSS%20FROM%20BB%22)%3c%2fscript%3emjf9oc2183m
Note: you may need 2-3 attempts to trigger the XSS payload, so just retry if the first login fails.
PS : The vendor has acknowledged the issue and will release the bug fix in i-doit open 25. Surprisingly, I only received the notification from i-doit pro 25.
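As an added illustration, not the project's code and not i-doit's actual handling of the parameter, the Python below shows the general pattern behind this class of bug: a query value concatenated unescaped into an HTML attribute, the same rendering with contextual output encoding, an allowlist check, and a small access-log scan that flags requests whose decoded timeout value carries HTML-significant characters. The rendering functions, the log lines, the IP addresses, the /index.php path and the assumption that timeout should be a number of seconds are all constructed for this example; only the payload string is taken from the advisory.

```python
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Payload string quoted in the advisory, reused here as test input.
ADVISORY_PAYLOAD = (
    "a19yc%22%3e%3cscript%3ealert(%22THIS%20IS%20XSS%20FROM%20BB%22)"
    "%3c%2fscript%3emjf9oc2183m"
)

# Constructed access-log lines (combined log format). Addresses and the
# login path are invented; they are not from the product or the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2023:09:12:01 +0000] "GET /index.php?timeout=300 HTTP/1.1" 200 1834',
    '10.0.0.7 - - [10/Jun/2023:09:12:44 +0000] "GET /index.php?timeout='
    + ADVISORY_PAYLOAD + ' HTTP/1.1" 200 1902',
    '10.0.0.9 - - [10/Jun/2023:09:13:10 +0000] "POST /index.php HTTP/1.1" 302 0',
]


def render_unsafe(timeout_value: str) -> str:
    """Vulnerable pattern (hypothetical, for illustration): the decoded
    query value is concatenated straight into an attribute, so a '"' in
    the value closes the attribute and '<script>' becomes real markup."""
    return '<input type="hidden" name="timeout" value="' + timeout_value + '">'


def render_escaped(timeout_value: str) -> str:
    """Hardened form: contextual output encoding for an HTML attribute.
    quote=True turns '"' into &quot; so the attribute cannot be closed."""
    return ('<input type="hidden" name="timeout" value="'
            + html.escape(timeout_value, quote=True) + '">')


TIMEOUT_RE = re.compile(r"[0-9]{1,6}")


def validate_timeout(timeout_value: str):
    """Allowlist validation on top of encoding. Assumption for this
    example: timeout is a number of seconds. Returns an int, or None so
    the caller can fall back to a server-side default."""
    if TIMEOUT_RE.fullmatch(timeout_value):
        return int(timeout_value)
    return None


# Characters that have no business in a numeric timeout but matter to HTML.
SUSPICIOUS = re.compile(r'[<>"\']')
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP')


def scan_log(lines):
    """Detection helper: return (client_ip, decoded_timeout) for requests
    whose decoded timeout parameter contains HTML-significant characters.
    parse_qs percent-decodes the value, so %3c and %22 are caught."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = urlsplit(target).query
        for value in parse_qs(query, keep_blank_values=True).get("timeout", []):
            if SUSPICIOUS.search(value):
                hits.append((ip, value))
    return hits


if __name__ == "__main__":
    decoded = unquote(ADVISORY_PAYLOAD)
    print("unsafe :", render_unsafe(decoded))
    print("escaped:", render_escaped(decoded))
    print("valid  :", validate_timeout("300"), validate_timeout(decoded))
    print("hits   :", scan_log(SAMPLE_LOG))
```

Output encoding alone closes the reflection; the allowlist check is the second layer that makes the parameter useless as an injection point even if a template elsewhere forgets to escape. The log scan is deliberately narrow (only the timeout parameter, only HTML metacharacters) so it can be run over historical access logs to find past attempts without drowning in noise.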