| 제목 | timschofield WebERP 5.0.0.rc+13 Cross Site Scripting |
|---|
| 설명 | A Cross-Site Scripting (XSS) vulnerability exists in the application, which allows a user with the Inquiries/Order Entry security role to inject malicious scripts through the Narrative field when creating an order. This XSS attack can lead to privilege escalation, allowing the attacker to create a new user with System Administrator privileges. The attack is triggered when a user with permissions to create new users accesses the Confirm Dispatch and Invoice page.
An attacker can exploit this vulnerability by sending a specially crafted URL to a system administrator. The administrator, unaware of the malicious payload, opens the link, unknowingly executing the script. This results in a new System Administrator user being created in the system.
The malicious payload is rendered from this script: ConfirmDispatch_Invoice.php
- The vendor was contacted on February 24th via email and by submitting a GitHub security advisory. The vendor accepted the advisory and was fast with responses.
- When asked about a demo environment, the vendor said they did not have any and asked if I could set it up.
- Demo environment was set up for the vendor on February 25th.
- Vendor did not respond after the demo environment was provided. Several attempts for contact were made via the advisory and email.
Last contact was on February 24th via email.
|
|---|
| 원천 | ⚠️ https://www.singto.io/pocsforexploits/weberp/weberp-xss-confirm-dispatch.html |
|---|
| 사용자 | Jelle Janssens (UID 81048) |
|---|
| 제출 | 2025. 03. 13. AM 08:44 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 24. PM 12:40 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 300735 [timschofield webERP 까지 5.0.0.rc+13 Confirm Dispatch and Invoice Page ConfirmDispatch_Invoice.php Narrative 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|