EPESI 1.8.2 Revision 20170830 Cross Site Scripting

2017.10.05
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

# Exploit Title: Multiple Stored XSS in EPESI # Date: 10/03/2017 # Exploit Author: Zeeshan Shaikh # Vendor Homepage: http://epe.si/ # Software Link: http://epe.si/download/ # Version: 1.8.2 rev20170830 # CVE : CVE-2017-14712 to CVE-2017-14717 # Category: webapps XSS 1 (Tasks - Title) Steps to recreate: 1. Home->Tasks->add new 2. Enter title as "MYTITLE" and fill required details but don't click save 3. Start interceptor and intercept request 4. click save 5. Now replace MYTITLE with "<i onclick=alert(1)>alertme</i>"(without quotes) 6. Home->click on alertme XSS 2 (Tasks - Description) Steps to recreate: 1. Create a new task and fill description as "MYDESC" but don't click on save 2. Start intercepting request and then click save on browser 3. Now replace MYDESC with "<script>alert(1)</script>" 4. Go to Home(make sure task applet is there) -> Mouseover on i icon XSS 3 (Tasks/Phonecall - Notes - Title) Steps to recreate: 1. Home->Tasks/PhoneCall->Notes->add new 2. Steps same as XSS 1 3. Click on alertme in notes section XSS 4 (Tasks - Alerts - Title) Steps to recreate: 1. Home->Tasks->Notes->add new 2. Steps same as XSS 1 3. Click on alertme in alerts section XSS 5 (Phonecalls - Subject) Steps to recreate: 1. Create a new phonecall and fill subject as "MYSUB" but don't click on save 2. Start intercepting request and then click save on browser 3. Now replace MYSUB with "<script>alert(1)</script>" 4. Go to Home(make sure task applet is there) -> Mouseover on i icon XSS 6 (Phonecalls - Description) Same as XSS 5


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top