CVE-2023-23011: XSS in InvoicePlane

Cross-site scripting (XSS) vulnerability in InvoicePlane 1.6: the filter_product request parameter is passed unescaped into the view modal_product_lookups.php.


CVE-2023-23011 is assigned

Link: https://github.com/InvoicePlane/InvoicePlane

Multiple reflected XSS vulnerabilities. In every case the pattern is the same: an Ajax controller reads a request parameter (GET or POST), hands it to a view as-is, and the view echoes it without HTML encoding.

Vulnerability 1: in file InvoicePlane-development\application\modules\products\controllers\Ajax.php

```php
$filter_product = $this->input->get('filter_product');
//...
$data = array(
    'products'              => $products,
    'families'              => $families,
    'filter_product'        => $filter_product,
    'filter_family'         => $filter_family,
    'default_item_tax_rate' => $default_item_tax_rate,
);
//...
$this->layout->load_view('products/modal_product_lookups', $data);
```

In file InvoicePlane-development\application\modules\products\views\modal_product_lookups.php

```php
<?php echo $filter_product ?>
```

Vulnerability 2: in file InvoicePlane-development\application\modules\invoices\controllers\Ajax.php, with invoice_id

```php
public function modal_create_recurring()
{
    $data = [
        'invoice_id'        => $this->input->post('invoice_id'),
        'recur_frequencies' => $this->mdl_invoices_recurring->recur_frequencies,
    ];

    $this->layout->load_view('invoices/modal_create_recurring', $data);
}
```

It is then printed without sanitization in file InvoicePlane-development\application\modules\invoices\views\modal_create_recurring.php

```php
<?php echo $invoice_id; ?>
```

The same controller-to-view pattern occurs in the following places:

Vulnerability 3: invoice_id in InvoicePlane-development\application\modules\invoices\controllers\Ajax.php, printed in modal_create_recurring.php

Vulnerability 4: invoice_id in InvoicePlane-development\application\modules\invoices\controllers\Ajax.php, printed in modal_create_credit.php

Vulnerability 5: quote_id in InvoicePlane-development\application\modules\quotes\controllers\Ajax.php, printed in modal_copy_quote.php

Vulnerability 6: invoice_id in InvoicePlane-development\application\modules\invoices\controllers\Ajax.php, printed in modal_copy_invoice.php

Vulnerability 7: quote_id in InvoicePlane-development\application\modules\quotes\controllers\Ajax.php, printed in modal_change_client.php

Vulnerability 8: payment_cf_exist in InvoicePlane-development\application\modules\quotes\controllers\Ajax.php, printed in modal_add_payment.php

Vulnerability 9: quote_id in InvoicePlane-development\application\modules\quotes\controllers\Ajax.php, reflected in the response of the same endpoint.

```php
public function change_client()
{
    //...
    $client_id = $this->input->post('client_id');
    //...
    $response = [
        'success'  => 1,
        'quote_id' => $quote_id,
    ];
    //...
    echo json_encode($response);
}
```

Unlike the previous cases, this value is reflected into a JSON body rather than an HTML view. json_encode() escapes quotes and backslashes but, without the JSON_HEX_* flags, leaves `<`, `>`, `&` and `'` intact, so whether this is exploitable as XSS depends on the response being interpreted as HTML (served without an application/json content type, or inserted into the DOM unescaped by the calling script).
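The following is an added illustration, not code from InvoicePlane or CodeIgniter, of the fix for all nine findings: the unescaped echo from the views above beside a version that HTML-entity-encodes the value, plus a hardened json_encode() for the change_client() case. The helper names (render_filter_unescaped, render_filter_escaped, encode_response_safe) and the $payload value are constructed for this example; CodeIgniter 3's html_escape() helper wraps the same htmlspecialchars() call used here.

```php
<?php
// Added example, not InvoicePlane or CodeIgniter code. Function names and the
// $payload value below are constructed for illustration.
declare(strict_types=1);

// Vulnerable pattern from the advisory: the view echoes the request parameter
// as-is (the `echo $filter_product` line), here inside an attribute value.
function render_filter_unescaped(string $filter_product): string
{
    return '<input type="text" name="filter_product" value="' . $filter_product . '">';
}

// Hardened view: HTML-entity-encode for the attribute/text context.
// ENT_QUOTES also encodes single quotes, so the value cannot break out of an
// attribute delimited either way; ENT_SUBSTITUTE replaces invalid UTF-8 instead
// of returning an empty string (which would silently drop the value).
function render_filter_escaped(string $filter_product): string
{
    $safe = htmlspecialchars($filter_product, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="filter_product" value="' . $safe . '">';
}

// For the json_encode() reflection in change_client(): hex-encode the characters
// that matter to an HTML parser so the body is inert even if a browser renders it
// as a document. The real endpoint should also send
// "Content-Type: application/json; charset=utf-8" before echoing the body.
function encode_response_safe(array $response): string
{
    return json_encode(
        $response,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed attacker input, as it would arrive in ?filter_product=... or in
// the invoice_id / quote_id POST fields. It closes the attribute and injects a tag.
$payload = '"><script>alert(document.domain)</script>';

echo "unescaped: ", render_filter_unescaped($payload), "\n";
echo "escaped:   ", render_filter_escaped($payload), "\n";
echo "json:      ", encode_response_safe(['success' => 1, 'quote_id' => $payload]), "\n";

// Self-check: no raw tag survives in either hardened output.
$outputs = [
    render_filter_escaped($payload),
    encode_response_safe(['quote_id' => $payload]),
];
foreach ($outputs as $out) {
    if (strpos($out, '<script') !== false) {
        throw new RuntimeException('escaping failed: ' . $out);
    }
}
```

Run it with `php example.php`: the first line shows the attribute being closed and a script tag injected, the second shows the same input rendered inert as `&quot;&gt;&lt;script&gt;...`, and the third shows `\u003Cscript\u003E` in the JSON body. Encoding belongs at the output point, in the view, chosen for the context the value lands in (HTML text or attribute here, JSON for the Ajax response); filtering the input on the way in, such as CodeIgniter's xss_clean, is not a substitute.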
