Submission #459903: Portábilis i-Educar 2.9 Cross Site Scripting (information)

Title: Portábilis i-Educar 2.9 Cross Site Scripting
Description:

### Summary

The application fails to properly validate and sanitize user-supplied input, leading to a stored cross-site scripting vulnerability in the user type (Tipo de Usuário) input field.

### Details

While editing a user type, reachable at Configurações > Permissões > Tipos de Usuários, it is possible to insert arbitrary JavaScript, which is stored and then executed once the user returns to the previous page.

### PoC

Edit the user type and insert the payload `"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>`

![image](https://github.com/user-attachments/assets/a1e899d3-220d-4730-9e9c-2a3b6dda4bea)

![image](https://github.com/user-attachments/assets/6213e969-b36d-4771-a474-2c61a0996f2e)

Once the user goes back to the previous page, the payload is triggered.

![image](https://github.com/user-attachments/assets/f9208714-f213-4fc2-a559-6339c606e0de)

Affected endpoint => `/usuarios/tipos/2`

Affected parameter => `name`

### Impact

Through this attack vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.

### Mitigation

One way to mitigate cross-site scripting vulnerabilities in PHP is to apply `htmlentities` to user-supplied input before it is rendered.
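As an added illustration of the mitigation above (this is not code from i-Educar or from the reporter), the PHP below contrasts interpolating the stored `name` value into the edit form unescaped with encoding it on output; the function names and the `<input>` skeleton are assumptions. `ENT_QUOTES` matters here because the PoC payload begins with a double quote that terminates the attribute value.

```php
<?php
// Added example, not i-Educar's code. The user-type name saved from the
// "Tipo de Usuário" form is later reflected into the edit page; the HTML
// skeleton and helper names below are assumptions for illustration.

// Payload quoted in the report, constructed here as sample input.
const SAMPLE_NAME = "\"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>";

// Vulnerable pattern: the stored name is interpolated into an attribute
// without encoding, so the leading "> closes the <input> tag and the
// <img> element that follows becomes live markup.
function render_name_field_unsafe(string $name): string
{
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened pattern: encode on output for the HTML context the value lands in.
// ENT_QUOTES encodes both " and ' (the payload relies on the double quote);
// ENT_SUBSTITUTE keeps invalid UTF-8 from turning the result into "".
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_name_field_safe(string $name): string
{
    return '<input type="text" name="name" value="' . escape_html($name) . '">';
}

// Minimal check a test suite could run on the encoded value: no raw character
// remains that could open a tag or terminate the enclosing attribute.
function contains_raw_markup(string $html_fragment): bool
{
    return preg_match('/[<>"\']/', $html_fragment) === 1;
}

echo "Unsafe: " . render_name_field_unsafe(SAMPLE_NAME) . "\n";
echo "Safe:   " . render_name_field_safe(SAMPLE_NAME) . "\n";
var_dump(contains_raw_markup(SAMPLE_NAME));
var_dump(contains_raw_markup(escape_html(SAMPLE_NAME)));
```

Encoding belongs at the point where the value is written into HTML; encoding at input time alone leaves other output contexts (JSON, JavaScript, URLs) unprotected.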
Source: https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/Stored%20Cross-Site%20Scripting.md
User: regularus3r (UID 78515)
Submitted: December 10, 2024 02:09 (1 year ago)
Moderation: December 21, 2024 10:07 (11 days later)
Status: Accepted
VulDB Entry: 289154 [Portabilis i-Educar up to 2.9 Tipo de Usuário Page /usuarios/tipos/2 name cross site scripting]
Points: 20