#42 Cross Site Scripting Vulnerability on "name" via "Company Details" feature in WebTareas version 2.1

2.0
closed
Bug (3)
2020-09-03
2020-06-24
tran nam
No

Describe the bug
An authenticated malicious user can take advantage of a Reflected XSS vulnerability on "textbox" via "Notifications & data" feature in LimeSurvey version 4.2.5
To Reproduce
Steps to reproduce the behavior:
1. Log into the panel.
2. Go to "/webtareas/administration/mycompany.php"
3. Select "name:"
4. Insert Payload in "textbox":
"><script>alert(1)</script>
5. Click "save"
Expected behavior
The removal of script tags is not sufficient to prevent an XSS attack.
You must HTML Entity encode any output that is Reflected back to the page.
Impact
Commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.
Screenshots

1 Attachments
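The point made under "Expected behavior", shown as an added example that is not part of the original ticket or of the webTareas code base. It feeds the value from step 4 through a script-tag filter and through entity encoding, then checks with an HTML parser whether the data stayed inside the `value` attribute. The `render_name_input` helper and the field markup are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: the value from step 4 of the report, as submitted.
$name = '"><script>alert(1)</script>';

// Insufficient filter the ticket warns about: remove <script> tags only.
function strip_script_tags(string $value): string
{
    return preg_replace('#</?script\b[^>]*>#i', '', $value) ?? '';
}

// Output encoding for HTML text and quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical template fragment for the "name" textbox (not webTareas code).
function render_name_input(string $preparedValue): string
{
    return '<input type="text" name="name" value="' . $preparedValue . '">';
}

// Parse the markup with an HTML parser and return what actually ended up
// inside the value attribute of the input element.
function parsed_value(string $html): string
{
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$filtered = strip_script_tags($name);
$cases = [
    // label => [data meant to be shown in the textbox, markup sent to the browser]
    'strip <script> only' => [$filtered, render_name_input($filtered)],
    'entity-encode'       => [$name, render_name_input(e($name))],
];

foreach ($cases as $label => [$data, $html]) {
    // The data is contained only if the parser reads back exactly that
    // string as the attribute value; otherwise it broke out into markup.
    $contained = parsed_value($html) === $data;
    printf("%s\n  %s\n  contained in attribute: %s\n", $label, $html, $contained ? 'yes' : 'no');
}
```

With the tags stripped, the leading `">` still closes the attribute and the element, so the rest of the input is parsed as page markup; with encoding, the parser returns the submitted string unchanged as data.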

Discussion

  • AppleBois

    AppleBois - 2020-06-24

    To be honest .... this program is vulnerable to XSS everywhere.

     
    • tran nam

      tran nam - 2020-06-24

      I think so :D :D

       
      • AppleBois

        AppleBois - 2020-06-24

        If you're new and looking for CVEs like me, this is the right place.
        I'm here to look for CVEs to boost my resume so it looks nicer.
        But don't focus much on XSS, look for RCE.
        Like one of my tickets, #40 file upload shtml trigger the file

         

        Last edit: AppleBois 2020-06-24
        • tran nam

          tran nam - 2020-06-24

          yes, i is new member,
          I hope there will be cve

           
          • AppleBois

            AppleBois - 2020-06-24

            I'm *
            There might be a chance that CVE will assign you a CVE ID, but all might be 'under' my Multiple XSS category. However, you may try

             
            • tran nam

              tran nam - 2020-06-25

              Did you send the request?
              Can you share with me some experience about searching for RCE?
              Do you join the bug crowd?

               
              • AppleBois

                AppleBois - 2020-06-25

                I did, but it's been a week with no response. Maybe the other product's vendor did not respond to CVE so they can't issue a CVE ID, I guess.
                I'm not a bug crowd fan.
                I'm focusing on my degree right now.

                 
                • tran nam

                  tran nam - 2020-06-25

                  Whether the vendor accepts the error or not is not related to CVE ID issue. I submitted some unrecognized bugs but still have one CVE. :D :D

                   
                  • AppleBois

                    AppleBois - 2020-06-25

                    Last time I got 6 disputed CVEs because the vendor disagreed .....
                    well
                    HAHA.
                    So you requested a CVE ID?
                    Did CVE Mitre respond to you?

                     
  • Luis, Wang

    Luis, Wang - 2020-06-24

    Following your steps, I can't reproduce the issue.
    Did you install 'webTareas v2.1' or 'webTareasv2.1p1'?

     
    • tran nam

      tran nam - 2020-06-25

      I use webTareas v2.1.
      https://anh.im/image/lGq
      You can see in the image it is webTareas v2.1.

       
  • Luis, Wang

    Luis, Wang - 2020-09-03
    • status: open --> closed
     
  • Luis, Wang

    Luis, Wang - 2020-09-03

    webTareas v2.1 p3 released

     