Mend Vulnerability Database
Date: December 29, 2021
Overview
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the notifications section, which can be triggered directly by sending an ally request to the admin.

Details
IFme has a stored XSS vulnerability in notifications which can be triggered directly by sending an ally request to the admin.

PoC Details
1. In the normal window, access the application by going to http://localhost:3000/users/sign_in and log in with admin credentials.
2. In the incognito window, go to http://localhost:3000/users/sign_in and log in as a normal user.
3. As the normal user, go to http://localhost:3000/users/edit and change the name to the XSS payload provided below.
4. Go to http://localhost:3000/allies and search for the admin’s email address.
5. Press “Add to allies” for the admin profile.
6. In the normal window, where we are logged in as admin, refresh the page and the XSS gets triggered.

Affected Environments
1.0.0 to v7.31.4

Prevention
Update to version v7.32
Good to know:
| Metric | Value |
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |