CVE-2023-45552 in VeridiumIDinfo

Summary

by MITRE • 04/03/2024

In VeridiumID before 3.5.0, a stored cross-site scripting (XSS) vulnerability has been discovered in the admin portal that allows an authenticated attacker to take over all accounts by sending malicious input via the self-service portal.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 02/10/2026

The vulnerability identified as CVE-2023-45552 represents a critical stored cross-site scripting flaw within the VeridiumID authentication system prior to version 3.5.0. This security weakness exists within the administrator portal and specifically affects the self-service functionality that users can access. The vulnerability allows authenticated attackers who already possess valid credentials to exploit the system by injecting malicious scripts through the self-service portal interface. Such an attack vector is particularly dangerous because it leverages existing user privileges to escalate the threat beyond the initial authentication boundary.

The technical implementation of this vulnerability stems from inadequate input validation and output encoding mechanisms within the VeridiumID application. When legitimate users submit data through the self-service portal, the system fails to properly sanitize or escape user-supplied content before storing and subsequently rendering it within the admin interface. This stored XSS condition creates a persistent threat where malicious scripts can execute in the context of other users' sessions, particularly administrators who have elevated privileges. The vulnerability is classified under CWE-79 as a failure to sanitize user input, making it susceptible to manipulation through script injection techniques.

The operational impact of this vulnerability extends far beyond simple data corruption or display issues. An authenticated attacker can leverage this weakness to hijack user sessions, potentially gaining complete administrative control over the entire system. The attack chain involves the attacker first authenticating with valid credentials, then injecting malicious JavaScript code through the self-service portal, which gets stored in the system's database. When other users, particularly administrators, access the affected admin portal, the stored malicious script executes in their browser context, enabling session hijacking, credential theft, or complete account takeover. This scenario directly aligns with ATT&CK technique T1566.001 for credential harvesting through phishing and T1548.001 for privilege escalation.

The implications of this vulnerability are particularly severe given that it affects the core authentication infrastructure of the system. Attackers who successfully exploit this weakness can potentially access all user accounts within the VeridiumID environment, compromising the integrity of the entire authentication ecosystem. The stored nature of the vulnerability means that the malicious payload persists even after the initial injection, creating a long-term threat that can affect multiple users over time. Organizations utilizing affected versions of VeridiumID face significant risk of unauthorized access, data breaches, and potential lateral movement within their network infrastructure. The vulnerability demonstrates a fundamental flaw in the application's security architecture where user input validation is insufficient to prevent malicious code execution.

Mitigation strategies for CVE-2023-45552 must prioritize immediate patching of the affected VeridiumID versions to 3.5.0 or later, which contains the necessary security fixes. Organizations should implement comprehensive input validation and output encoding mechanisms throughout the application to prevent similar vulnerabilities from emerging in other components. Security teams should conduct thorough code reviews focusing on user input handling and implement proper content security policies to prevent script execution. Additionally, network segmentation and monitoring solutions should be deployed to detect anomalous behavior patterns that might indicate exploitation attempts. Regular security assessments and penetration testing should be conducted to identify and remediate similar vulnerabilities before they can be exploited by malicious actors. The fix should include proper sanitization of all user inputs and implementation of secure coding practices that align with industry standards such as those recommended by OWASP and NIST guidelines for preventing cross-site scripting vulnerabilities.

Reservation

10/09/2023

Disclosure

04/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00346

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!