Stored Cross Site Scripting (XSS)


Vendor of the product(s) – UVDesk 

Product Name – Community Skeleton v1.1.1 

URL of the Product – https://github.com/uvdesk/community-skeleton

Affected component(s) – “Message” Field 

Attack vector(s) – Remote 

Suggested description of the vulnerability for use in the CVE – The UVDesk ticket portal provides the facility to create tickets. It has been observed that input taken from the user is not properly sanitized. This allows an attacker to inject malicious JavaScript code into the “Message” input field. The malicious code can then be executed whenever the vulnerable web page is accessed by any user, and it will remain persistent.

Discoverer/Credit – Sahil Dari 

Title: Stored Cross Site Scripting in the ticket message 

Introduction 

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. In a Stored XSS attack, the vulnerable application receives user-supplied input from untrusted sources and stores it. This malicious content also gets included in the later HTTP responses sent by the server. 

eSecForte Technologies Security Researcher – Sahil Dari reported a Stored Cross Site Scripting (XSS) vulnerability.

Description: The UVDesk ticket portal provides the facility to create tickets. It has been observed that input taken from the user is not properly sanitized. This allows an attacker to inject malicious JavaScript code into the “Message” input field. The malicious code can then be executed whenever the vulnerable web page is accessed by any user, and it will remain persistent.

Platform/Product: UVDesk Community Skeleton v1.1.1 

Vulnerability Name: Stored Cross Site Scripting (XSS) 

Affected Component: “Message” Field 

Attack Type: Persistent/Stored 

Impact: Stored XSS attacks can have serious consequences, such as stealing sensitive data, modifying the content of the web page, or redirecting users to a malicious site.  

Recommendation: Implement proper input validation and output encoding to prevent malicious code from being injected into the web application. Use server-side validation to ensure that user input is properly sanitized before being stored in a database or displayed on a web page. Use output encoding to ensure that any user input that is displayed on the web page is properly encoded to prevent malicious code from being executed. 

Affected Parameter – reply

Affected URL – http://localhost/uvdesk-community/public/en/member/ticket/save

Methods of Exploitation: 

Steps to reproduce: – 

Step-1 While logged in to the application, navigate to http://localhost/uvdesk-community/public/en/member/tickets and click on create ticket.

Step-2 Fill all the required details and in the Message field enter the payload as shown in the screenshot.

Step-3 Intercept the request in the Burp Suite proxy tool and observe that the payload is getting encoded.

Step-4 Change the encoded payload as shown in the screenshot and send the request. 

Step-5 The auditor noticed that the payload was successfully executed. 
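Steps 3 to 5 show that the encoding was already present in the intercepted request and could be changed before the server received it, so the output encoding called for in the Recommendation has to happen server-side at render time. The following is an added example, not UVDesk code: the function names, the in-memory `$db` array, the length limit and the test strings are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical storage helper. Whatever arrives in the "reply" parameter is
// attacker-controlled, regardless of any encoding applied in the browser.
function storeReply(array &$db, string $rawReply): int
{
    // Server-side validation: reject invalid UTF-8 and oversized input
    // (the 10000-byte limit is an assumed value), then store the text as-is.
    if (!mb_check_encoding($rawReply, 'UTF-8') || strlen($rawReply) > 10000) {
        throw new InvalidArgumentException('invalid reply');
    }
    $db[] = $rawReply;
    return array_key_last($db);
}

// Vulnerable render: stored text is concatenated into the HTML unchanged.
function renderUnsafe(string $stored): string
{
    return '<div class="message">' . $stored . '</div>';
}

// Hardened render: encode for the HTML context every time the value is output.
function renderSafe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="message">' . nl2br($encoded, false) . '</div>';
}

// Constructed test inputs: the field as a browser-side encoder would send it,
// and the same field after the encoding was undone in an intercepting proxy.
$db = [];
$asSentByBrowser    = '&lt;script&gt;alert(1)&lt;/script&gt;';
$asAlteredInTransit = '<script>alert(1)</script>';

foreach ([$asSentByBrowser, $asAlteredInTransit] as $reply) {
    $id = storeReply($db, $reply);
    echo 'unsafe: ', renderUnsafe($db[$id]), PHP_EOL; // second input yields a live tag
    echo 'safe:   ', renderSafe($db[$id]), PHP_EOL;   // both inputs render as inert text
}
```

The unsafe renderer is harmless only while the request arrives pre-encoded; the hardened renderer produces inert text for both inputs because it does not depend on what the client sent.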

[Discoverer]  

Sahil Dari from eSec Forte Technologies Pvt. Ltd.