CiviCRM 5.59.alpha1 – Stored XSS (Cross-Site Scripting)

  • Author: Andrea Intilangelo
    Date: 2023-05-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51478/
  • # Exploit Title: CiviCRM 5.59.alpha1 - Stored XSS (Cross-Site Scripting)
    # Date: 2023-02-02
    # Exploit Author: Andrea Intilangelo
    # Vendor Homepage: https://civicrm.org
    # Software Link: https://civicrm.org/download
    # Version: 5.59.alpha1, 5.58.0 (and earlier), 5.57.3 (and earlier)
    # Tested on: Latest Version of Desktop Web Browsers (ATTOW: Firefox 109.0.1, Microsoft Edge 109.0.1518.70)
    # CVE: CVE-2023-25440 
    Vendor Security Advisory: CIVI-SA-2023-05
    
    
    Description:
    
    A stored cross-site scripting (XSS) vulnerability in CiviCRM 5.59.alpha1 allows an attacker to execute arbitrary web
    scripts or HTML.
    
    Persistent JavaScript code injected into the first/second name field of the "Add Contact" function while creating a
    contact is triggered once the page is loaded.
    
    
    Steps to reproduce:
    
    - Quick Add a contact to CiviCRM.
    - Insert a PoC payload into the field(s).
    - Click on 'Add contact'.
    
    If a user visits the dashboard, as well as the "Recently added" box, the JavaScript code will be rendered.
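
A defender-side sketch of the two checks this report implies, added here as an example and not taken from the advisory or from CiviCRM's code: auditing already-stored contact names for markup, and HTML-encoding names when a "Recently added" style list is rendered. The row layout, the field names `first_name`/`last_name`, and the helper names are assumptions; the sample rows are constructed and use harmless markup as a stand-in.

```python
import html
import re

# Name fields audited; assumed column names for an exported contact list.
NAME_FIELDS = ("first_name", "last_name")

# Angle brackets or character references have no place in a personal name.
# Apostrophes are deliberately not flagged (O'Neil); encoding covers them.
MARKUP_RE = re.compile(r"[<>]|&#?\w+;")


def find_suspect_contacts(contacts):
    """Return (contact id, field, value) for name fields holding markup."""
    hits = []
    for row in contacts:
        for field in NAME_FIELDS:
            value = row.get(field) or ""
            if MARKUP_RE.search(value):
                hits.append((row["id"], field, value))
    return hits


def render_recent_item(row):
    """Build one list item with the stored name HTML-encoded on output."""
    name = " ".join(row.get(f) or "" for f in NAME_FIELDS).strip()
    # quote=True also encodes " and ', so the value stays inert in attributes.
    return "<li>{}</li>".format(html.escape(name, quote=True))


# Constructed sample rows; id 2 carries harmless markup as a stand-in.
SAMPLE_CONTACTS = [
    {"id": 1, "first_name": "Maria", "last_name": "Rossi"},
    {"id": 2, "first_name": "<b>Test</b>", "last_name": "Contact"},
    {"id": 3, "first_name": "Anne", "last_name": "O'Neil"},
]

if __name__ == "__main__":
    for cid, field, value in find_suspect_contacts(SAMPLE_CONTACTS):
        print("review contact", cid, field, repr(value))
    for row in SAMPLE_CONTACTS:
        print(render_recent_item(row))
```

The audit matters after upgrading as well: values stored before the fix remain in the database, so flagged rows should be reviewed and cleaned rather than assumed harmless.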