Flexmonster Pivot Table & Charts 2.7.17 Remote Report Reflected XSS

2020.12.24

Credit: Marco Nappi

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2020-20140

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

# Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'Remote Report' Reflected XSS
# Date: 08/01/2020
# Exploit Author: Marco Nappi
# Vendor Homepage: https://www.flexmonster.com/
# Version:Flexmonster Pivot Table & Charts 2.7.17
# Tested on:Flexmonster Pivot Table & Charts 2.7.17
# CVE : CVE-2020-20140
Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17
Reflected XSS:
The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.
payload:
<svg onload=alert("OpenRemoteReport")><!--

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Flexmonster Pivot Table & Charts 2.7.17 Remote Report Reflected XSS

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.