onTrack - IT Asset Management & Project Management CMS v1.16 Stored XSS

2019.04.16

QUIXSS (RU)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

«onTrack - IT Asset Management & Project Management» have no input field filtering, so we have a multiple XSS here.
PoC: Go to the demo website http://demos.codeniner.com/ontrack/?route=signin and login as admin. Choose section u want, like «Clients», «Inventory», «Projects», «Knowledge Base», etc. etc. Any input field that u can find inside this system is vulnerable, so use any payload u want, f.e.: "><img src="x" onerror="alert('cxsecurity');"> and it will work. Plus, .SVG files upload are allowed, so you can upload an «evil» .SVG with cookie stealer inside, for example.

References:

https://codecanyon.net/item/ontrack-it-asset-management-project-management/14772352

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

onTrack - IT Asset Management & Project Management CMS v1.16 Stored XSS

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.