CVE-2022-22112
Date: January 13, 2022
Overview
DayByDay CRM versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low-privileged attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.
Details
DayByDay CRM is built on the Laravel framework. It is vulnerable to Stored Client-Side Template Injection. An attacker can input template injection payloads in the application at various locations to execute JavaScript on the client browser.
PoC Details
Log in to the application as a low-privileged user, and open a New Task under Tasks on the left panel. Now inject the payload given below in the Title field and click on create task.
Notice the payload gets triggered as soon as the task is created.
Now this payload is executed when any user of the application accesses All Tasks, and clicks on the task where it is injected.
PoC Code
{{constructor.constructor('alert(1)')()}}
Affected Environments
bottelet/flarepoint - 1.1 through 2.2.1 (latest)
Remediation
Use the "v-pre" directive - https://v3.vuejs.org/api/directives.html#v-pre - that skips the compilation of the injected payload.
Prevention
No fix was provided
Language: PHP
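The remediation above, as an added example (not DayByDay's or the advisory's code): HTML escaping leaves the `{{ }}` delimiters intact for Vue's template compiler, and a small check flags server-rendered markup where mustache text sits outside a `v-pre` element. All function names and the sample markup are constructed, and the tag scanner assumes well-formed markup.

```javascript
// Added example: function names and sample markup are constructed for illustration.

// Mimics the HTML escaping a server-side template applies to user input.
// '{' and '}' are not HTML metacharacters, so they pass through unchanged.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// "Before": escaped title placed inside markup that Vue later compiles as a template.
function renderTitle(title) {
  return `<div id="app"><h3>${escapeHtml(title)}</h3></div>`;
}

// "After": v-pre tells Vue to skip compiling this element and its children.
function renderTitleVPre(title) {
  return `<div id="app"><h3 v-pre>${escapeHtml(title)}</h3></div>`;
}

const VOID = new Set(['br', 'hr', 'img', 'input', 'link', 'meta']);

// Returns the mustache expressions that sit outside any v-pre element,
// i.e. the ones a Vue in-DOM template compile would still evaluate.
// Simplified scanner: assumes no '>' inside attribute values.
function liveInterpolations(html) {
  const found = [];
  const stack = []; // one boolean per open element: "inside v-pre?"
  const token = /<\/([a-zA-Z][\w-]*)\s*>|<([a-zA-Z][\w-]*)([^>]*)>|([^<]+)/g;
  let m;
  while ((m = token.exec(html)) !== null) {
    const inPre = stack.length > 0 && stack[stack.length - 1];
    if (m[1]) {
      stack.pop(); // closing tag
    } else if (m[2]) {
      const selfClosing = /\/\s*$/.test(m[3]) || VOID.has(m[2].toLowerCase());
      if (!selfClosing) stack.push(inPre || /(^|\s)v-pre(\s|=|\/|$)/.test(m[3]));
    } else if (!inPre) {
      for (const hit of m[4].matchAll(/\{\{[\s\S]*?\}\}/g)) found.push(hit[0]);
    }
  }
  return found;
}

// Constructed sample input: a benign expression submitted as a task title.
const sample = '{{ 7*7 }}';
console.log(liveInterpolations(renderTitle(sample)));     // still live for Vue
console.log(liveInterpolations(renderTitleVPre(sample))); // skipped by v-pre
```

A check like this can run over rendered pages in a test suite to catch user-controlled fields that reach a Vue-mounted element without `v-pre`.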
Good to know:
Base Score: | |
---|---|
Attack Vector (AV): | Network |
Attack Complexity (AC): | Low |
Privileges Required (PR): | Low |
User Interaction (UI): | Required |
Scope (S): | Changed |
Confidentiality (C): | Low |
Integrity (I): | Low |
Availability (A): | None |
Base Score: | |
---|---|
Access Vector (AV): | Network |
Access Complexity (AC): | Medium |
Authentication (AU): | Single |
Confidentiality (C): | None |
Integrity (I): | Partial |
Availability (A): | None |