CVE-2021-25989

Date: December 29, 2021

Overview

In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS in the markdown editor. It can be exploited by making a victim a Leader of a group, which triggers the payload for them.

Details

IFme has a stored XSS vulnerability in the editor, which can be exploited by making a victim a Leader of a group, which triggers the payload for them.

PoC Details

1. In the normal window, access the application by going to http://localhost:3000/users/sign_in and log in with admin creds.
2. Go to http://localhost:3000/groups/depression-discussion-group and join the group (press the door logo).
3. Now, in the incognito window, go to http://localhost:3000/users/sign_in and log in as a normal user.
4. Now go to http://localhost:3000/groups/depression-discussion-group/edit, enter the payload (given in the PoC Code section) in the content, and tick the checkbox to make the Admin User one of the leaders. Now submit it.
5. Now, in the normal window, where the admin is logged in, access the URL http://localhost:3000/groups/depression-discussion-group/edit and we see that the XSS gets triggered.

PoC Code

<img src=1 onerror="javascript:alert(1)"></img>

Affected Environments

1.0.0 to v7.31.4

Prevention

Update to version v7.32
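
A triage sketch for reviewing already-stored group descriptions for markup like the PoC above, and for confirming that escaping on output renders it inert. This is an added example, not ifme's code or its actual fix; the record layout and the names `PATTERNS`, `GROUPS`, `audit` and `render_escaped` are assumptions, and the sample rows are constructed.

```ruby
require "cgi"

# Heuristic patterns for active content in stored rich text.
# Triage aid only: not a sanitizer and not ifme's fix.
PATTERNS = {
  event_handler:  /<[a-z][^>]*\son[a-z]+\s*=/i,   # on*= attribute inside a tag
  javascript_url: /(?:href|src|action)\s*=\s*["']?\s*javascript:/i,
  script_tag:     /<\s*script\b/i
}.freeze

# Constructed sample rows (hypothetical layout), not real application data.
GROUPS = [
  { id: 1, description: "Weekly check-ins, **all welcome**." },
  { id: 2, description: '<img src=1 onerror="javascript:alert(1)"></img>' },
  { id: 3, description: '<a href="javascript:void(0)">notes</a>' },
  # Decoy: "on...=" appears in text outside any tag and must not be flagged.
  { id: 4, description: "Use <b>bold</b> for the agenda. Reason = onsite only." }
].freeze

# Return { id => [names of matching patterns] } for rows that need review.
def audit(rows)
  rows.each_with_object({}) do |row, hits|
    matched = PATTERNS.select { |_name, re| row[:description] =~ re }.keys
    hits[row[:id]] = matched unless matched.empty?
  end
end

# Escape on output so stored markup is displayed as text, not parsed as HTML.
def render_escaped(text)
  CGI.escapeHTML(text)
end

audit(GROUPS).each do |id, reasons|
  puts "group #{id}: #{reasons.join(', ')}"
  puts "  escaped: #{render_escaped(GROUPS.find { |g| g[:id] == id }[:description])}"
end
```

Where the editor must keep some formatting tags, an allowlist sanitizer such as Rails' `sanitize` helper takes the place of plain escaping.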

Language: Ruby

Good to know:

Cross-Site Scripting (XSS)

CWE-79
Upgrade Version

Upgrade to version v7.32

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None