CVE-2021-25974
Date: November 10, 2021
Overview
In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a "publisher" role is able to inject and execute arbitrary JavaScript code while creating a page/article.
Details
A user with a "publisher" role is able to inject JavaScript while creating a page/article, which assists in taking over the "admin" account.
PoC Details
In incognito mode, sign in to the application as Alice, who is a user with the "publisher" role. Go to the "/admin/pages/new" endpoint and create a page with a malicious JavaScript payload. Set a custom permalink and publish it. Copy the short URL that is generated.
In another window, log in with the admin credentials and open the short URL. The XSS will be triggered.
PoC Code
<script>alert("xss")</script>
Affected Environments
Publify versions 8.0 to 9.2.4
Prevention
Update to Publify version v9.2.5
Language: Ruby
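The vulnerable and hardened rendering patterns behind this class of bug, as an added Ruby example that is not Publify's own code: plain ERB interpolation passes the stored page body to the viewer unescaped, output-time HTML escaping neutralizes it, and a small triage heuristic (an assumption, not part of the advisory) flags already-stored bodies worth reviewing after upgrading.

```ruby
require 'erb'

# Constructed sample input: the advisory's PoC payload, as a page body a
# "publisher" could submit via /admin/pages/new.
POC_BODY = '<script>alert("xss")</script>'.freeze

# Vulnerable pattern (illustrative, not Publify's code): plain ERB does not
# escape <%= %> output, so the stored body reaches the admin's browser verbatim.
def render_unsafe(body)
  ERB.new('<article><%= body %></article>').result_with_hash(body: body)
end

# Hardened pattern: HTML-escape user-controlled content at output time so that
# <, >, " and & cannot break out of the text context into markup.
def render_safe(body)
  ERB.new('<article><%= ERB::Util.html_escape(body) %></article>')
     .result_with_hash(body: body)
end

# Triage heuristic (assumption: a defender auditing already-stored pages after
# the upgrade). Flags bodies carrying script tags, inline event handlers or
# javascript: URLs. It is not a sanitizer; treat hits as leads to review.
SUSPICIOUS_MARKUP = [
  /<\s*script\b/i,
  /\bon[a-z]+\s*=/i,
  /javascript\s*:/i
].freeze

def suspicious_markup?(body)
  SUSPICIOUS_MARKUP.any? { |re| body.match?(re) }
end

if __FILE__ == $PROGRAM_NAME
  puts "unsafe:  #{render_unsafe(POC_BODY)}"
  puts "safe:    #{render_safe(POC_BODY)}"
  puts "flagged: #{suspicious_markup?(POC_BODY)}"
end
```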
Good to know:

CVSS v3 metrics:

| Metric | Value |
|---|---|
| Base Score | |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privileges Required (PR) | Low |
| User Interaction (UI) | Required |
| Scope (S) | Changed |
| Confidentiality (C) | Low |
| Integrity (I) | Low |
| Availability (A) | None |

CVSS v2 metrics:

| Metric | Value |
|---|---|
| Base Score | |
| Access Vector (AV) | Network |
| Access Complexity (AC) | Medium |
| Authentication (AU) | Single |
| Confidentiality (C) | None |
| Integrity (I) | Partial |
| Availability (A) | None |