| Title | Portábilis i-Educar 2.9 Cross Site Scripting |
|---|
| Description | ### Summary
The application fails to properly validate and sanatize user supplied input, hence leading to a stored cross-site scripting vulnerability that resides within the user type (Tipo de Usuário) input field.
### Details
While editing the user type, which can be accessed at Configurações > Permissões > Tipos de Usuários, it's possible to insert arbitrary javascript code which is then stored and executed once the user gets back to the previous page.
### PoC
Edit the user type and insert the payload `"><img src=x onerror=alert('Stored-XSS-PoC-RegularUs3r')>`
Once the user goes back to the previous page the payload is triggered.
Affected endpoint => `/usuarios/tipos/2`
Affected parameter => `name`
### Impact
Through this attacker vector a malicious user might be able to retrieve information belonging to another user, which may lead to sensitive information leakage or other malicious actions.
### Mitigation
One way to mitigate Cross-Site Scripting vulnerabilites in PHP is to use `htmlentities` when parsing user supplied input |
|---|
| Source | ⚠️ https://github.com/RegularUs3r/CVE-Research/blob/main/CVE-2024/Portabilis%20-%20iEducar/Stored%20Cross-Site%20Scripting.md |
|---|
| User | regularus3r (UID 78515) |
|---|
| Submission | 12/10/2024 02:09 (1 Year ago) |
|---|
| Moderation | 12/21/2024 10:07 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 289154 [Portabilis i-Educar up to 2.9 Tipo de Usuário Page /usuarios/tipos/2 Name cross site scripting] |
|---|
| Points | 20 |
|---|