Financials By Coda Cross Site Scripting

2024.03.16
Credit: Leo Draghi
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79

# Vulnerability type: Cross-site Scripting
# Vendor: https://www.unit4.com/
# Product: Financials by Coda
# Product site: https://www.unit4.com/fr/products/financial-management-software
# Affected version: < 2023Q4
# Fixed version: 2023Q4
# Credit: Léo DRAGHI
# CVE: CVE-2024-28734

# PROOF OF CONCEPT

The /coda/frameset endpoint, accessible to any unauthenticated user, reflects the value of the cols parameter. Because this value is neither validated nor output-encoded when the page is rendered, a malicious actor could execute JavaScript in the context of another user's browser simply by sending the victim a crafted link.

GET /coda/frameset?cols="><frame%20src="javascript:alert('XSS')"> HTTP/2
Host: <target>

# TIMELINE

– 30/10/2023: Vulnerability found
– 02/11/2023: Vendor informed
– 05/12/2023: Vendor fixed the issue
– 14/03/2024: Public disclosure
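The advisory describes the root cause (a query parameter reflected into an HTML attribute without validation or encoding) but not how the fix or a detection looks. The following is an added illustration, not the vendor's code and not the advisory author's: the frameset markup, the allowlist pattern and the access-log lines are all constructed assumptions. It shows a reflecting handler beside a hardened one (allowlist validation plus attribute-context encoding), and a small detector that flags /coda/frameset requests whose cols value is not a well-formed column list, run over constructed log lines.

```python
import html
import re
from urllib.parse import parse_qs, urlparse

# A frameset "cols" attribute only ever needs pixel counts, percentages or "*"
# separated by commas, e.g. "200,*" or "30%,70%". This allowlist is an assumption
# about what the endpoint needs, not taken from the product.
COLS_RE = re.compile(r"(\d+%?|\*)(,(\d+%?|\*))*")
DEFAULT_COLS = "200,*"

# The value quoted in the advisory, kept here only to show how each renderer treats it.
ADVISORY_PAYLOAD = '"><frame src="javascript:alert(\'XSS\')">'


def render_frameset_vulnerable(cols: str) -> str:
    """Reflects the parameter as the advisory describes: no validation and no
    encoding, so a quote and angle brackets break out of the attribute."""
    return (
        f'<frameset cols="{cols}">'
        '<frame src="menu.html"><frame src="main.html">'
        "</frameset>"
    )


def validate_cols(cols: str) -> str:
    """Allowlist check: keep the value only if it is a well-formed column list,
    otherwise fall back to a safe default instead of echoing the input."""
    return cols if COLS_RE.fullmatch(cols) else DEFAULT_COLS


def encode_attr(value: str) -> str:
    """Output encoding for the HTML attribute context (quotes included)."""
    return html.escape(value, quote=True)


def render_frameset_hardened(cols: str) -> str:
    """Validate first, then encode for the attribute context. Either layer alone
    neutralises the quoted value; using both is defence in depth."""
    return (
        f'<frameset cols="{encode_attr(validate_cols(cols))}">'
        '<frame src="menu.html"><frame src="main.html">'
        "</frameset>"
    )


# Matches the request part of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)


def suspicious_frameset_requests(log_lines):
    """Detection: return (client_ip, decoded_cols) for every /coda/frameset
    request whose cols value would fail the allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path != "/coda/frameset":
            continue
        # parse_qs percent-decodes the value, so the check sees the real characters
        for cols in parse_qs(url.query).get("cols", []):
            if not COLS_RE.fullmatch(cols):
                hits.append((m.group("ip"), cols))
    return hits


# Constructed sample access-log lines (not from the advisory or any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [16/Mar/2024:10:00:00 +0100] "GET /coda/frameset?cols=200,* HTTP/2" 200 512',
    '10.0.0.9 - - [16/Mar/2024:10:00:07 +0100] "GET /coda/frameset?cols=%22%3E%3Cframe%20src%3D%22javascript:alert(%27XSS%27)%22%3E HTTP/2" 200 640',
    '10.0.0.9 - - [16/Mar/2024:10:00:09 +0100] "GET /coda/login HTTP/2" 200 300',
]

if __name__ == "__main__":
    print(render_frameset_vulnerable(ADVISORY_PAYLOAD))
    print(render_frameset_hardened(ADVISORY_PAYLOAD))
    print(suspicious_frameset_requests(SAMPLE_LOG))
```

The detector deliberately checks the decoded value against the same allowlist the hardened renderer uses, so a rule tuned for the fix doubles as the hunting query for the period before it was deployed; anything that is not digits, percent signs, commas and asterisks in that parameter is worth a look.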

