| عنوان | Portábilis i-Educar 2.9 Cross Site Scripting |
|---|
| الوصف | ### Summary
The application fails to properly validate and sanatize user supplied input, hence leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field.
### Details
While editing the user type, which can be accessed at Configurações > Permissões > Tipos de Usuários, it's possible to insert arbitrary javascript code which is then stored and executed once the user gets back to the previous page.
### PoC
Edit the user type and insert the payload `"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>`
Once the user goes back to the previous page the payload is triggered.
Affected endpoint => `/usuarios/tipos/2`
Affected parameter => `name`
### Impact
Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.
### Mitigation
One way to mitigate Cross-Site Scripting vulnerabilites in PHP is to use `htmlentities` when parsing user supplied input |
|---|
| المصدر | ⚠️ https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/Stored%20Cross-Site%20Scripting.md |
|---|
| المستخدم | regularus3r (UID 78515) |
|---|
| ارسال | 10/12/2024 02:09 AM (1 سنة منذ) |
|---|
| الاعتدال | 21/12/2024 10:07 AM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 289154 [Portabilis i-Educar حتى 2.9 Tipo de Usuário Page /usuarios/tipos/2 الأسم البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|