CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS

vendor:

CASAP Automated Enrollment System

by:

Anita Gaud

5.4

CVSS

MEDIUM

Stored XSS

CWE

Product Name: CASAP Automated Enrollment System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: CVE-2021-3294

CPE: a:sourcecodester:casap_automated_enrollment_system

Metasploit: https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-3162/, https://www.rapid7.com/db/vulnerabilities/oracle_linux-cve-2022-3294/

Other Scripts: N/A

Platforms Tested: Windows

2021

CASAP Automated Enrollment System 1.0 – ‘First Name’ Stored XSS

A stored XSS vulnerability exists in the CASAP Automated Enrollment System 1.0, which allows an attacker to inject malicious JavaScript code into the 'First Name' parameter. This code will be stored and executed every time the page is loaded, allowing the attacker to steal the cookie of an authenticated user.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the application. Additionally, the application should be configured to use secure cookies.

Source

Exploit-DB raw data:

# Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
# Exploit Author: Anita Gaud
# Vendor Homepage: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Link: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1
# Tested on Windows
# CVE: CVE-2021-3294

*XSS IMPACT:*
1: Steal the cookie
2: User redirection to a malicious website

Vulnerable Parameters: First Name

*Steps to reproduce:*
1: Log in with a valid username and password. Navigate to the Users tab (http://localhost/Final/Final/users.php) on the left-hand side.
2: Add the new user and then add the payload <script>alert(document.cookie)</script>in First Name parameter and click on save button. Post Saved successfully.
3: Now, XSS will get stored and trigger every time and the attacker can steal authenticated users' cookies.