PT-2024-40397 · Saltcorn · Saltcorn
Published
2024-10-07
·
Updated
2024-10-07
CVSS v4.0
5.1
Medium
| Vector | AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
Name of the Vulnerable Software and Affected Versions
Saltcorn versions prior to the version that includes the fix for this issue
Description
The issue is related to stored Cross-Site Scripting (XSS) due to improper sanitization of event log data. This allows an attacker to inject malicious JavaScript code that will be executed in the event log admin panel if event logs are enabled. The estimated number of potentially affected devices is not provided. There is no information about real-world incidents where this issue was exploited.
Technical details about exploitation include:
- API Endpoints:
/eventlog,/table/new,/viewedit,/menu,/eventlog/settings - Vulnerable Parameters or Variables:
id,ev.payload - Function Names:
isAdmin,error catcher,send events page
Recommendations
For Saltcorn versions prior to the version that includes the fix for this issue:
Sanitize the user input before building HTML elements to prevent stored Cross-Site Scripting (XSS) attacks. As a temporary workaround, consider restricting access to the event log admin panel until a patch is available. Avoid using the
ev.payload variable in the affected API endpoint until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Saltcorn