CVE-2022-22112

Date: January 13, 2022

Overview

DayByDay CRM versions 1.1 through 2.2.1 (latest) suffer from an application-wide Client-Side Template Injection (CSTI). A low-privileged attacker can input template injection payloads at various locations in the application to execute JavaScript in the client browser.

Details

DayByDay CRM is built on the Laravel framework. It is vulnerable to Stored Client-Side Template Injection. An attacker can input template injection payloads at various locations in the application to execute JavaScript in the client browser.

PoC Details

Log in to the application as a low-privileged user, and open a New Task under Tasks in the left panel.
Inject the payload given below into the Title field and click on create task.
Notice that the payload is triggered as soon as the task is created.
The payload is then executed whenever any user of the application accesses All Tasks and clicks on the task where it was injected.

PoC Code

{{constructor.constructor('alert(1)')()}}

Affected Environments

bottelet/flarepoint - 1.1 through 2.2.1 (latest)

Remediation

Use the "v-pre" directive - https://v3.vuejs.org/api/directives.html#v-pre - that skips the compilation of the injected payload.
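
A regression check for the v-pre remediation above, as an added example (not DayByDay CRM code and not part of Vue): it scans server-rendered markup and reports text that still contains "{{" outside a v-pre subtree, which is text Vue would compile. The function name, sample markup and canary title are constructed; it assumes well-formed HTML and Vue's default delimiters.

```javascript
// Added example, not project code. Checks text nodes only.
const VOID = new Set(['area', 'base', 'br', 'col', 'embed', 'hr', 'img',
  'input', 'link', 'meta', 'source', 'track', 'wbr']);

// Returns the text nodes that contain "{{" and are NOT inside an element
// carrying v-pre (v-pre also covers all children of that element).
function findUnguardedMustache(html) {
  // Alternatives: HTML comment | tag (closing slash, name, attrs) | text
  const token = /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][\w-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>|([^<]+)/g;
  const stack = [];     // one entry per open element: true if under v-pre
  const findings = [];
  let m;
  while ((m = token.exec(html)) !== null) {
    const [, closing, name, attrs, text] = m;
    const guarded = stack.length > 0 && stack[stack.length - 1];
    if (text !== undefined) {
      if (!guarded && text.includes('{{')) findings.push(text.trim());
    } else if (name !== undefined) {
      if (closing) { stack.pop(); continue; }
      if (VOID.has(name.toLowerCase())) continue;   // no closing tag follows
      // Blank out quoted values so class="v-pre" is not mistaken for v-pre.
      const bare = attrs.replace(/"[^"]*"|'[^']*'/g, '""');
      stack.push(guarded || /(^|\s)v-pre(\s|=|$)/.test(bare));
    }
  }
  return findings;
}

// Constructed sample: a task page as the server would render it, where the
// stored title is a harmless canary that contains the template delimiters.
const title = '{{csti_canary}}';
const before = `<div id="app"><h1 class="title">${title}</h1><br><p>ok</p></div>`;
const after = `<div id="app"><h1 class="title" v-pre>${title}</h1><br><p>ok</p></div>`;

console.log(findUnguardedMustache(before)); // [ '{{csti_canary}}' ]
console.log(findUnguardedMustache(after));  // []
```

Run against pages rendered with a canary value stored in each user-editable field; any finding marks an output location that still needs v-pre.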

Prevention

No fix was provided

Language: PHP

Good to know:

Cross-Site Scripting (XSS)

CWE-79

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): Single
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None