Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a CVE vulnerability ID? 
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
New vulnerability? Tell us about it!
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
WS-2022-0077
Date: February 14, 2022
Overview
Helpy application versions 2.1.0 to 2.8.0 are vulnerable to Stored XSS in Delete user and Anonymize User functionalities. A low privileged user can inject JavaScript payload in the name field from his profile. When the admin visits the users page and takes an action to either delete the user or anonymize the user the payload gets loaded and triggers XSS by loading external JavaScript into the application.Details
The “Helpy” application is vulnerable to “Stored XSS in Delete user/ Anonymize User”. A low privileged user can inject javascript payload in the name field from his profile. When the admin visits the users page and takes an action to either delete the user or anonymize the user the payload gets loaded and triggers XSS by loading external javascript into the application.PoC Details
Login into the application as with regular user credentials and select your profile to inject JavaScript payload (found in PoC Code section below) into the name field.Now login as an administrator and open the users page. Select the user from previous step to find the options delete user/anonymize user. The javascript payload saved in the name field will be triggered when victims click either on anonymize user or delete user button.
PoC Code
<Script>alert('test');</Script> Affected Environments
2.1.0 to 2.8.0Prevention
No fixLanguage: Ruby
Good to know:
| Base Score: |
|
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |