| Title | Portábilis i-Educar 2.9 Cross Site Scripting |
|---|
| Description | ### Summary
The application fails to properly validate and sanitize user-supplied input, leading to a stored cross-site scripting vulnerability in the user type (Tipo de Usuário) input field.
### Details
While editing a user type, reachable at Configurações > Permissões > Tipos de Usuários, it is possible to insert arbitrary JavaScript code, which is then stored and executed once the user returns to the previous page.
### PoC
Edit the user type and insert the payload `"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>`

Once the user goes back to the previous page the payload is triggered.

Affected endpoint => `/usuarios/tipos/2`
Affected parameter => `name`
### Impact
Through this attack vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.
### Mitigation
One way to mitigate cross-site scripting vulnerabilities in PHP is to use `htmlentities` when parsing user-supplied input |
|---|
| Source | https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/Stored%20Cross-Site%20Scripting.md |
|---|
| User | regularus3r (UID 78515) |
|---|
| Submitted | 2024. 12. 10. AM 02:09 (1 year ago) |
|---|
| Moderation | 2024. 12. 21. AM 10:07 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 289154 [Portabilis i-Educar up to 2.9 Tipo de Usuário Page /usuarios/tipos/2 name cross site scripting] |
|---|
| Points | 20 |
|---|
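To illustrate the Mitigation section above, the PHP below (an added example, not code from the advisory or from the i-Educar project) renders the stored user type name once verbatim and once through `htmlentities`; the function names, the page fragment and the rendering context are assumptions, and the encoding is applied at output time with `ENT_QUOTES` so the quoted `value` attribute is covered as well as the element text.

```php
<?php
// Added example; not the project's code. Assumed context: a page shows the
// "Tipo de Usuário" name as a heading and pre-fills the edit form's input.
declare(strict_types=1);

/** Encode an untrusted value for HTML text content or a quoted attribute. */
function e(string $value): string
{
    // ENT_QUOTES: encode both " and ' so the value cannot close an attribute.
    // ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning ''.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable rendering: the stored name is interpolated as-is. */
function renderUserTypeUnsafe(string $name): string
{
    return '<h2>' . $name . '</h2>' . "\n"
         . '<input type="text" name="name" value="' . $name . '">';
}

/** Hardened rendering: every untrusted value is encoded where it is output. */
function renderUserTypeSafe(string $name): string
{
    return '<h2>' . e($name) . '</h2>' . "\n"
         . '<input type="text" name="name" value="' . e($name) . '">';
}

// Constructed sample input: the payload string reported in the advisory.
$stored = '"><img src=x onerror=alert(\'Stored-XSS-PoC-RegularUs3r\')>';

echo "--- unsafe ---\n", renderUserTypeUnsafe($stored), "\n";
echo "--- safe ---\n", renderUserTypeSafe($stored), "\n";
// In the safe output the browser receives
// &quot;&gt;&lt;img src=x onerror=alert(&#039;...&#039;)&gt;
// as literal text, so no new element or event handler is created.
```

Encoding at output is the check that actually stops the injection; storing the raw value is acceptable as long as every render path goes through `e()`, whereas encoding once on input and later rendering elsewhere (JSON, JavaScript, URLs) still needs context-specific encoding.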