Stored Cross-Site Scripting (XSS) leads to privilege escalation in SilverPeas social-networking portal
toneemarqus/CVE-2024-39031
CVE-2024-39031 : Silverpeas Core Stored XSS in Mes agendas

Information

Description: In Mes Agendas, a user can create new events and add them to their calendar. Users can also invite other users from the same domain, including administrators, to these events. A standard user can inject an XSS payload into the "Titre" and "Description" fields when creating an event and then add an administrator (or any other user) as a participant. When the invited user (the victim) views their own profile, the payload executes in their browser, even if they never click on the event.

Versions Affected: <= 6.3.5

Version Fixed: 6.3.5

Researcher: Tonee Marqus with Phronesis Security (https://www.phronesissecurity.com/)

Applied Fix: Silverpeas/Silverpeas-Core#1346

Related Links:

Proof-of-Concept

Step 1

Log in as any user and create a new event (agenda) in Mes agendas. In the “Titre” and “Description” fields, enter the following XSS payloads:

<script>alert("XSS-Titre")</script>

And

<script>alert("XSS-Description")</script>


Step 2

Add another user as a participant; in this example an administrator was added. Save the event.

Step 3

Log in to the administrator account and click the administrator button in the top left to open the administrator profile. As soon as the profile loads, the XSS alert for “Titre” pops up. Clicking OK then triggers the second payload, the alert for “Description”.

The stored payload is also triggered in several other places: when the event is opened from the calendar, from Mon profile → Mur, and from Fil d'informations.
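The root cause described above is stored event fields rendered into the invitee's views without output encoding. The following added example (not Silverpeas code; the event structure, field names and renderers are constructed assumptions) contrasts a vulnerable renderer with an HTML-escaping one using the PoC payloads, and includes an audit helper for reviewing already-stored events after upgrading.

```python
import html
import re

# Constructed sample: an event as the vulnerable version would store it,
# carrying the "Titre" and "Description" payloads from the PoC.
EVENT = {
    "titre": '<script>alert("XSS-Titre")</script>',
    "description": '<script>alert("XSS-Description")</script>',
    "invitee": "administrator",
}


def render_event_vulnerable(event: dict) -> str:
    """Interpolates stored fields straight into markup (assumed behaviour of
    the affected version): the payload reaches the invitee's browser as a
    live <script> element in every view that shows the event."""
    return (f'<div class="event"><h3>{event["titre"]}</h3>'
            f'<p>{event["description"]}</p></div>')


def render_event_escaped(event: dict) -> str:
    """Same view with contextual output encoding: each untrusted field is
    HTML-escaped for element content, so the browser displays the payload
    as inert text instead of executing it."""
    return (f'<div class="event"><h3>{html.escape(event["titre"])}</h3>'
            f'<p>{html.escape(event["description"])}</p></div>')


# Matches the start of any HTML tag (opening or closing) in a stored field.
HTML_TAG = re.compile(r"<\s*/?\s*[a-zA-Z]")


def fields_with_markup(event: dict, fields=("titre", "description")) -> list:
    """Audit helper: names stored fields containing HTML tags, so events
    created before the fix can be reviewed and cleaned up."""
    return [f for f in fields if HTML_TAG.search(event.get(f, ""))]


def contains_live_script(markup: str) -> bool:
    """True if rendered markup still contains an unescaped <script> tag."""
    return "<script>" in markup.lower()
```

Encoding must be applied at every rendering point (profile, calendar, Mur, Fil d'informations), because the same stored record feeds all of them.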
