eramba Enterprise / Community Cross Site Scripting

Published 16 Dec 2016. Reported by Yunus YILDIRIM. Source: packetstormsecurity.com

eramba Stored XSS Vulnerability in Notification Page

```text
# Exploit Title: eramba Enterprise & Community Editions Stored XSS
# Author: Yunus YILDIRIM (Th3GundY)
# Team: CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website: www.yunus.ninja
# Contact: [email protected]


1. ADVISORY INFORMATION
=======================
Product: eramba Open-Source IT GRC
Description: eramba is a web application that helps with the analysis, management and reporting of Security,
Governance, Risk and Compliance challenges.
Founded in 2011 and followed by a community of tens of thousands, we are building the leading
open-source GRC application on the Internet.
Vendor URL: http://www.eramba.org
Download Link: http://www.eramba.org/resources/download/


2. VULNERABILITY SUMMARY
========================

Stored XSS in Notification Page.
eramba is vulnerable to a stored XSS when a user creates a Notification with a
malicious payload in the "Notification Name" field.
The HTML/JavaScript payload is executed when another user views the
Notifications.


3. TECHNICAL DETAILS
========================

Stored XSS in Notification Page.
eramba is vulnerable to a stored XSS when a user creates a Notification with a
malicious payload in the "Notification Name" field.
The HTML/JavaScript payload is executed when another user views the
Notifications.


4. PROOF OF CONCEPT
========================

PoC for Enterprise or Community Edition:
1- Go to System - Settings - Notifications menu, or
just go to http://<eramba-IP>/notificationSystem/attach/Project
2- Click the Manage button
3- Add Warning, Add Awareness or Add Default. You can select any one of them.
4- In the "Notification Name" field, use the payload "><svg/onload=prompt(/CT-Zer0/)>
5- Save it; you see the pop-up at
/notificationSystem/index/Project

PoC Video: https://www.youtube.com/watch?v=03xNMcpXqTs


5. AFFECTED VERSIONS
====================
Community Edition <= c1.0.6.001
Enterprise Edition <= e1.0.6.018


Vulnerability Disclosure Timeline:
=========================
29/11/2016 - Contact With Vendor
30/11/2016 - Vendor Response
14/12/2016 - Public Disclosure
```
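The flaw described in the advisory, shown from the defender's side as an added Python example (not code from the advisory or from eramba): the stored name rendered into an attribute without encoding beside its HTML-encoded form, plus an audit pass a responder could run over exported notification names. The sample names are constructed; the third one is the payload quoted in the PoC, and the template strings are an assumption about how such a field might be rendered, not eramba's actual markup.

```python
import html
import re

# Constructed sample of stored "Notification Name" values, as a responder
# might export them from the database after reading the advisory. The third
# entry is the payload quoted in the PoC above.
STORED_NAMES = [
    "Quarterly policy review",
    "Awareness: phishing campaign",
    '"><svg/onload=prompt(/CT-Zer0/)>',
]

# Heuristic for markup a display name should never contain: angle brackets,
# quotes that could close an attribute, or an inline event-handler attribute.
_SUSPICIOUS = re.compile(r'[<>"\']|\bon[a-z]+\s*=', re.IGNORECASE)


def render_vulnerable(name: str) -> str:
    """Mimics the flaw: the stored value is placed into an attribute unencoded,
    so a leading '">' closes the attribute and the tag and injects a new element."""
    return f'<input type="text" name="name" value="{name}">'


def render_safe(name: str) -> str:
    """Hardened rendering: HTML-encode the value, including quotes, on output."""
    return f'<input type="text" name="name" value="{html.escape(name, quote=True)}">'


def is_single_element(rendered: str) -> bool:
    """True when the output still contains exactly one tag (the input element),
    i.e. the stored value did not break out of its attribute."""
    return rendered.count("<") == 1 and rendered.count(">") == 1


def audit_names(names):
    """Return the stored names that contain markup and need review or cleanup."""
    return [n for n in names if _SUSPICIOUS.search(n)]


if __name__ == "__main__":
    for n in STORED_NAMES:
        print("vulnerable:", render_vulnerable(n), is_single_element(render_vulnerable(n)))
        print("safe:      ", render_safe(n), is_single_element(render_safe(n)))
    print("needs review:", audit_names(STORED_NAMES))
```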
