Touchbase.io 1.10 - Stored Cross Site Scripting

vendor:

Touchbase.io

by:

Simran Sankhala

8.8

CVSS

HIGH

Stored Cross Site Scripting

CWE

Product Name: Touchbase.io

Affected Version From: 1.1.0

Affected Version To: 1.1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:touchbase.ai:touchbase.io:1.1.0

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 10

2020

Touchbase.io 1.10 – Stored Cross Site Scripting

touchbase.ai application allows stored XSS, via the 'Add User' module, that is rendered upon 'Contacts' page visit. To exploit this vulnerability, the attacker needs to login to the application, goto 'Contacts' module and add the user. Inject the payload = <marquee onstart=alert(document.cookie)> in the 'Name' field, fill the other details, and save the details. Go to the 'Contacts' module again, and the XSS Script is executed in the name field and the pop-up appears with the session cookie details.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

#Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting
#Date: 2020-11-11
#Exploit Author: Simran Sankhala
#Vendor Homepage: https://touchbase.ai/
#Software Link: https://touchbase.ai/
#Version: 1.1.0
#Tested on: Windows 10
#Proof Of Concept:
touchbase.ai application allows stored XSS, via the 'Add User' module,
that is rendered upon 'Contacts' page visit.
To exploit this vulnerability:
Steps to Reproduce:

1. Login to the application, goto 'Contacts' module and add the user
2. Inject the payload = <marquee onstart=alert(document.cookie)> in the
'Name' field
3. Fill the other details, and save the details.
4. Go to the 'Contacts' module again, and we can see that our entered
XSS Script is executed in the name field and the pop-up appears with the
session cookie details.