Vendor: Jenzabar
By: y0ung_dst
CVSS: 6.1 MEDIUM
Reflected XSS
CWE: 79
Product Name: Jenzabar
Affected Version From: v9.2.0
Affected Version To: v9.2.2
Patch Exists: YES
Related CWE: CVE-2021-26723
CPE: a:jenzabar:jenzabar:9.2.0
Tags: packetstorm,cve,cve2021,jenzabar,xss
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 1, 'vendor': 'jenzabar', 'product': 'jenzabar'}
Platforms Tested: Windows 10
2021

Jenzabar 9.2.2 – ‘query’ Reflected XSS

A reflected cross-site scripting (XSS) vulnerability exists in Jenzabar v9.2.0 through 9.2.2. An attacker could inject web script or HTML via the query parameter (aka the Search Field). To exploit the vulnerability, someone must click the link.

Mitigation:

Sanitize user input and validate against a whitelist of allowed characters or use output encoding to prevent the execution of arbitrary code.
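
The two mitigations named above, applied to the proof-of-concept value quoted on this page, as an added example that is not Jenzabar's code or the exploit author's. It assumes the search term is reflected into a quoted HTML attribute (inferred from the leading `">` in the payload); the function names, the markup and the allowlist pattern are hypothetical.

```python
import html
import re
from typing import Tuple

# Constructed sample input: the proof-of-concept value quoted on this page.
POC_QUERY = '"><script>alert(1)</script>'

# Hypothetical allowlist for a search box: word characters, spaces and a few
# punctuation marks, 1 to 100 characters long.
ALLOWED_QUERY = re.compile(r"[\w .,'-]{1,100}")


def render_unsafe(query: str) -> str:
    """Reflects the value verbatim into a quoted attribute (the bug class)."""
    return '<input type="text" name="query" value="' + query + '">'


def render_encoded(query: str) -> str:
    """Same markup, with the value HTML-encoded for an attribute context."""
    # quote=True also encodes " and ', so the value cannot close the attribute.
    encoded = html.escape(query, quote=True)
    return '<input type="text" name="query" value="' + encoded + '">'


def is_allowed(query: str) -> bool:
    """Allowlist validation: reject anything outside the expected characters."""
    return ALLOWED_QUERY.fullmatch(query) is not None


def handle_search(query: str) -> Tuple[int, str]:
    """Validate first, then encode on output anyway (defence in depth)."""
    if not is_allowed(query):
        return 400, "Invalid search term"
    return 200, render_encoded(query)


if __name__ == "__main__":
    print(render_unsafe(POC_QUERY))    # markup breaks out of the attribute
    print(render_encoded(POC_QUERY))   # payload stays inert inside value="..."
    print(handle_search(POC_QUERY))    # rejected by the allowlist
    print(handle_search("O'Brien"))    # legitimate term, apostrophe encoded
```

Output encoding is the control that closes the hole; the allowlist only narrows what reaches the template and should not be relied on alone.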

Exploit-DB raw data:

# Exploit Title: Jenzabar 9.2.2 - 'query' Reflected XSS.
# Date: 2021-02-06
# Exploit Author: y0ung_dst
# Vendor Homepage: https://jenzabar.com
# Version: Jenzabar — v9.2.0-v9.2.1-v9.2.2 (and maybe other versions)
# Tested on: Windows 10
# CVE : CVE-2021-26723


-Description:
  A reflected cross-site scripting (XSS) vulnerability exists in Jenzabar v9.2.0 through 9.2.2. An attacker could inject web script or HTML via the query parameter (aka the Search Field). To exploit the vulnerability, someone must click the link.

-Payload used:
  "><script>alert(1)</script>

-Example :
  https://localhost/ics?tool=search&query="><script>alert(1)</script>

-Steps to reproduce:
  1. Open a website that uses Jenzabar v9.2.0 through 9.2.2.
  2. In the Search Field, enter anything.
  3. Edit the query by replacing the text with the payload.
  4. Press Enter to trigger the alert.