Vendor: SeedDMS
By: Nimit Jain
CVSS: 6.1 (MEDIUM)
Vulnerability Type: Stored XSS
CWE: 79
Product Name: SeedDMS
Affected Version From: < 5.1.11
Affected Version To: < 5.1.11
Patch Exists: YES
Related CVE: CVE-2019-12801
CPE: a:seeddms:seeddms
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: NA
Year: 2019
Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11
A persistent cross-site scripting (XSS) vulnerability exists in out/out.GroupMgr.php in SeedDMS before 5.1.11. An authenticated user with admin privileges can inject arbitrary JavaScript code into the application by creating a new group that carries a malicious JavaScript payload. When that group is chosen, the stored code is executed in the browser of any user who visits the application.
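The defect described above comes down to a value stored by one user being written into a page without output encoding. The PHP sketch below is an added illustration, not SeedDMS code and not the 5.1.11 patch: it assumes the payload lives in the group name and that the name is rendered into a select list, and every function name and sample row in it is constructed for the example. It places the unescaped rendering beside an encoded one and adds a small regression check that fails on the former and passes on the latter.

```php
<?php
// Added illustration (not SeedDMS code): how a stored group name reaches
// the page, and why HTML-encoding at render time prevents stored XSS.
// Function names, group rows and the markup are constructed for this
// example; SeedDMS's own templates and database layer differ.

declare(strict_types=1);

// Constructed sample rows standing in for groups read from the database.
// The second name is the kind of value an admin account could store;
// the view layer must not trust it just because an admin entered it.
$groups = [
    ['id' => 1, 'name' => 'Finance'],
    ['id' => 2, 'name' => '<script>alert("stored xss")</script>'],
];

/**
 * Vulnerable pattern: the stored name is concatenated straight into the
 * markup. The browser parses the stored tags as part of the page, so the
 * script runs for every user who views this list.
 */
function renderGroupSelectUnsafe(array $groups): string
{
    $html = '<select name="groupid">' . "\n";
    foreach ($groups as $g) {
        $html .= '  <option value="' . $g['id'] . '">' . $g['name'] . "</option>\n";
    }
    return $html . "</select>\n";
}

/**
 * Hardened pattern: every untrusted value is HTML-encoded at the point it
 * is written into the page. ENT_QUOTES covers both quote styles, so the
 * same helper is safe inside attribute values; the charset is explicit so
 * encoding does not depend on the server's default.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderGroupSelectSafe(array $groups): string
{
    $html = '<select name="groupid">' . "\n";
    foreach ($groups as $g) {
        $html .= '  <option value="' . e((string) $g['id']) . '">' . e($g['name']) . "</option>\n";
    }
    return $html . "</select>\n";
}

/**
 * Regression check a maintainer can keep in a test suite: rendered output
 * must not contain any stored name that itself looks like markup.
 */
function containsRawTag(string $html, array $groups): bool
{
    foreach ($groups as $g) {
        if (preg_match('/<[a-z]/i', $g['name']) === 1 && strpos($html, $g['name']) !== false) {
            return true;
        }
    }
    return false;
}

echo 'Unsafe rendering leaks stored markup: '
    . var_export(containsRawTag(renderGroupSelectUnsafe($groups), $groups), true) . "\n";
echo 'Encoded rendering leaks stored markup: '
    . var_export(containsRawTag(renderGroupSelectSafe($groups), $groups), true) . "\n";
echo renderGroupSelectSafe($groups);
```

Run with `php example.php`; the first line reports `true`, the second `false`, and the printed select list shows the second name encoded as `&lt;script&gt;...&lt;/script&gt;`. The point for a reviewer is that the encoding happens in the rendering code, not at input time: stored values may arrive through other paths (imports, older records, direct database edits), so escaping on output is the check that holds regardless of how the data got there.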
Mitigation:
Upgrade to SeedDMS version 5.1.11 or later.