| Título | Portábilis i-Educar 2.9 Cross Site Scripting |
|---|
| Descrição | ### Summary
The application fails to properly validate and sanatize user supplied input, hence leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field.
### Details
While editing the user type, which can be accessed at Configurações > Permissões > Tipos de Usuários, it's possible to insert arbitrary javascript code which is then stored and executed once the user gets back to the previous page.
### PoC
Edit the user type and insert the payload `"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>`
Once the user goes back to the previous page the payload is triggered.
Affected endpoint => `/usuarios/tipos/2`
Affected parameter => `name`
### Impact
Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.
### Mitigation
One way to mitigate Cross-Site Scripting vulnerabilites in PHP is to use `htmlentities` when parsing user supplied input |
|---|
| Fonte | ⚠️ https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/Stored%20Cross-Site%20Scripting.md |
|---|
| Utilizador | regularus3r (UID 78515) |
|---|
| Submissão | 10/12/2024 02h09 (há 2 anos) |
|---|
| Moderação | 21/12/2024 10h07 (11 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 289154 [Portabilis i-Educar até 2.9 Tipo de Usuário Page /usuarios/tipos/2 Nome Script de Site Cruzado] |
|---|
| Pontos | 20 |
|---|