HTML-injection-saved-search

CVE-2023-40813-HTML injection-Saved Search


Vendor of the product(s) –

    • Product Name – OpenCRX
    • Version – exact ver of the product which is vulnerable – 5.2.0
    • Affected component(s) – Saved Search Creation
    • Attack vector(s) – Web Application
    • Suggested description of the vulnerability for use in the CVE- HTML injection on the Saved Search Creation
    • Discoverer(s)/Credits – your name -Nandini Sharma
    • Step by Step POC written in sequential order – prepare a word file for all this.

Step-2 Now, create new Saved Search-Activity in the Activity Tracker as shown below: –

Step-3 Now, Insert Html payload in the Name and description field as shown below: –

Paylaod – <font color=”blue”>Esecforte</font>

Step-4 Now, click on the save button to save this activity. It has been observed by the auditor that HTML payload  executed.

[Discoverer]                                                                                                      

Nandini Sharma from eSec Forte Technologies Pvt. Ltd