Relate Learning And Teaching system Version before 2024.1 Stored XSS

2024.04.21

kai6u (JP)

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2024-32405(Reserved)

CWE: N/A

# Exploit Title: Relate Learning And Teaching system Version before 2024.1 Stored XSS
# Date: 18/04/2024
# Exploit Author: kai6u
# Vendor Homepage: https://github.com/inducer/
# Software Link: https://github.com/inducer/relate
# Version: 2024.1 (https://github.com/inducer/relate/commit/2fdbd4480a2d0a45c746639be244a61a0d4112b6)
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-32405(Reserved)
Stored XSS is performed when the payload is stored and the results are referenced when the exam content is submitted.
1) First, Attacker answer question with below payload.
 * Paylod: <script>alert(1)</script>
2) Next, Course Administrator or Instructor logged in and check answer of this student.( with Exam Analytics view)
 * Access to quiz_start/inlinemultin url.
3) Executed Payload and Alert was popped up.
* An attacker can use this feature to force arbitrary requests via JavaScript on users who can view the results.

References:

https://portswigger.net/web-security/cross-site-scripting/stored

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Relate Learning And Teaching system Version before 2024.1 Stored XSS

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.