Stored XSS in glpi-project/glpi
Valid
Reported on
Sep 26th 2022
Description
GLPI has a feature to customize the "Text in the login box" shown on the login page. Because this field is not sanitized properly, it accepts HTML such as a <form> whose <button> carries a formaction with a javascript: scheme, which executes JavaScript in the browser of anyone who clicks it on the login page.
- Log in as the user glpi/glpi (admin user).
- Go to HOME -> SETUP -> GENERAL (http://yoursite.com/front/config.form.php).
- Edit the field "Text in the login box (HTML tags supported)" and insert the payload.
- Log out.
- On the login page, click the injected button to trigger the XSS.
Proof of Concept
PAYLOAD: <form><button formaction=javascript:alert(document.location)>click
Impact
The impact is JavaScript code execution in the context of the GLPI login page: an attacker can steal user credentials or perform other actions on behalf of the victim. However, admin privileges are required to edit the vulnerable input field, which limits the severity.
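To show why stripping <script> and on* handlers is not enough for a field that deliberately allows HTML, here is an added example (not GLPI's code, and not from the report) in JavaScript: a naive sanitizer that leaves the report's payload untouched, a detector that flags javascript: URLs in URL-bearing attributes (including whitespace and numeric-entity evasions), and a hardened sanitizer that allow-lists URL schemes. The payload string is the one from the Proof of Concept above; the attribute list and scheme allow-list are this example's own assumptions, not GLPI's.

```javascript
// Added example: javascript: URLs in URL attributes survive naive HTML sanitization.
// Payload copied from the report above.
const PAYLOAD = '<form><button formaction=javascript:alert(document.location)>click';

// Attributes that carry a URL and can therefore smuggle a javascript: scheme (assumed list).
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "xlink:href", "data", "poster"]);

// A typical "good enough" sanitizer for an "HTML tags supported" field:
// drops <script> blocks and on* event handlers, but never inspects URL schemes.
function naiveSanitize(html) {
  return html
    .replace(/<script\b[^>]*>[\s\S]*?<\/script\s*>/gi, "")
    .replace(/\s+on[a-z]+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "");
}

// Decode numeric character references (&#106; / &#x6A;) so an entity-encoded
// "javascript:" is still recognised. Named entities are out of scope for this demo.
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (_, code) =>
    String.fromCodePoint(code[0].toLowerCase() === "x"
      ? parseInt(code.slice(1), 16)
      : parseInt(code, 10)));
}

// Normalise an attribute value the way a browser does before scheme detection:
// decode entities, strip ASCII control characters and whitespace, lowercase.
function normaliseUrl(value) {
  return decodeNumericEntities(value).replace(/[\u0000-\u0020]/g, "").toLowerCase();
}

const TAG_RE = /<([a-z][\w:-]*)([^>]*)>/gi;
const ATTR_RE = /([^\s=\/>]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/g;

// Return every URL attribute whose normalised value starts with "javascript:".
function findJsUrls(html) {
  const hits = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const [, name, attrs] = tag;
    for (const m of attrs.matchAll(ATTR_RE)) {
      const attr = m[1].toLowerCase();
      const value = m[2] ?? m[3] ?? m[4] ?? "";
      if (URL_ATTRS.has(attr) && normaliseUrl(value).startsWith("javascript:")) {
        hits.push({ tag: name.toLowerCase(), attr, value });
      }
    }
  }
  return hits;
}

// Allow-list of schemes (assumed policy): http(s), mailto, tel, relative URLs and fragments.
// Anything else in a URL attribute (javascript:, data:, vbscript:, ...) is dropped.
const SAFE_SCHEMES = /^(?:https?:|mailto:|tel:|\/|\.\/|#|[^:]*$)/;

// Hardened variant: after the naive pass, remove any URL attribute whose scheme is not allowed.
function hardenedSanitize(html) {
  return naiveSanitize(html).replace(TAG_RE, (whole, name, attrs) => {
    const cleaned = attrs.replace(ATTR_RE, (a, attr, dq, sq, uq) => {
      if (!URL_ATTRS.has(attr.toLowerCase())) return a;
      const value = dq ?? sq ?? uq ?? "";
      return SAFE_SCHEMES.test(normaliseUrl(value)) ? a : "";
    });
    return `<${name}${cleaned.trimEnd()}>`;
  });
}

// Usage: the naive pass returns the payload unchanged, the detector flags the
// formaction, and the hardened pass yields "<form><button>click".
console.log(naiveSanitize(PAYLOAD) === PAYLOAD, findJsUrls(PAYLOAD), hardenedSanitize(PAYLOAD));
```

The design point is that "HTML tags supported" fields need an attribute-level policy, not a tag-level one: a <form> or <button> is harmless by itself, and the dangerous part is the scheme of the URL attribute. Allow-listing schemes also catches variants a deny-list on the literal string "javascript:" misses, such as `java\tscript:` or `&#106;avascript:`.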
We are processing your report and will contact the glpi-project/glpi team within 24 hours.
a year ago
We have contacted a member of the glpi-project/glpi team and are waiting to hear back
a year ago
Hakiduck modified the report
a year ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
The researcher's credibility has increased: +7
We have sent a fix follow up to the glpi-project/glpi team. We will try again in 7 days.
a year ago
Hi @admin, can you please assign CVE-2022-39262 to this bug?
We have sent a second fix follow up to the glpi-project/glpi team. We will try again in 10 days.
a year ago
Hi Hakiduck,
I'm afraid we can only assign CVEs to reports that have been assigned by huntr.dev and not by any other CNAs.
We have sent a third and final fix follow up to the glpi-project/glpi team. This report is now considered stale.
a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE