Mend Vulnerability Database
Date: January 5, 2022
Overview
Daybyday CRM version 2.2.0 is vulnerable to stored cross-site scripting (XSS) that allows low-privileged application users to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
Details
Daybyday CRM is affected by a stored XSS vulnerability that allows low-privileged application users (those with permission to create tasks) to store malicious scripts in the title field of new tasks. These scripts are executed in a victim’s browser when they open the “/tasks” page to view all the tasks.
PoC Details
For demonstration purposes we'll use 2 users:
email@example.com (low privileged user)
Log in to the application as firstname.lastname@example.org, which has the Employee role and permission to create tasks.
On the attacker’s machine, create a file called “test.js” with contents as given below.
Run a PHP server to host the “test.js” file.
Log in as email@example.com and go to All Tasks from the left pane; you will notice that an alert pops up with content hosted on the PHP server.
Log in with firstname.lastname@example.org. Add “/users/calendar-users” to the URL, and the absences for all the users will be available in the returned JSON data.
Affected Environments
bottelet/flarepoint - 2.2.0
Prevention
Update to 2.2.1 in the "bottelet/flarepoint" package, 2.2.1 in the "Bottelet/DaybydayCRM" repo.
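Added example, not Daybyday CRM's code or its 2.2.1 patch: the stored task-title pattern described above in plain PHP, with the unencoded render beside an output-encoded one and a helper that flags already-stored titles containing markup so they can be reviewed after the update. The row fields (`id`, `title`, `created_by`), the function names and the sample rows are constructed assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample rows standing in for stored tasks (field names are assumptions).
$tasks = [
    ['id' => 1, 'title' => 'Prepare Q1 invoice run', 'created_by' => 'employee-a'],
    ['id' => 2, 'title' => '<script src="https://attacker.example/test.js"></script>', 'created_by' => 'employee-b'],
    ['id' => 3, 'title' => 'Budget < forecast & rising', 'created_by' => 'employee-a'],
];

// Vulnerable pattern: the stored title is concatenated into the page as-is,
// so any markup saved by the task creator is parsed by every viewer's browser.
function renderRowUnsafe(array $task): string
{
    return '<tr><td>' . $task['title'] . '</td></tr>';
}

// Hardened pattern: encode for the HTML text context at output time,
// which also neutralises titles that were stored before the fix.
function renderRowSafe(array $task): string
{
    $title = htmlspecialchars($task['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $title . '</td></tr>';
}

// Audit helper: return stored tasks whose title contains tag-like markup.
// A bare "<" in ordinary text (row 3) is not flagged.
function findMarkupTitles(array $tasks): array
{
    return array_values(array_filter($tasks, static function (array $t): bool {
        return preg_match('/<\/?[a-z][^>]*>/i', $t['title']) === 1;
    }));
}

foreach ($tasks as $task) {
    echo renderRowSafe($task), PHP_EOL;   // row 2 is emitted as inert &lt;script ...&gt; text
}
foreach (findMarkupTitles($tasks) as $hit) {
    printf("review task %d created by %s\n", $hit['id'], $hit['created_by']);
}
```

Run against the constructed rows, only task 2 is reported for review, which also identifies the account that stored it.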
Good to know:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Access Vector (AV): Network
Access Complexity (AC): Medium