cnvd - cnvd-2021-06952

CNVD-2021-06952

Vulnerability from cnvd - Published: 2021-01-27

Title

BigProf Online Invoicing System跨站脚本漏洞（CNVD-2021-06952）

Description

BigProf Online Invoicing System (OIS)是一款使用AppGini创建的面向小型企业、顾问和自由职业者的简便发票工具。 BigProf Online Invoicing System 4.0之前版本存在存储型跨站脚本漏洞。该漏洞源于管理员使用admin/pageEditGroup.php创建新组后该产品未能充分验证HTML字符的字段。攻击者可利用该漏洞进行跨站脚本攻击。

Severity

低

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-35677

Impacted products

Name
Bigprof-software Online Invoicing System <4.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35677",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-35677"
    }
  },
  "description": "BigProf Online Invoicing System (OIS)\u662f\u4e00\u6b3e\u4f7f\u7528AppGini\u521b\u5efa\u7684\u9762\u5411\u5c0f\u578b\u4f01\u4e1a\u3001\u987e\u95ee\u548c\u81ea\u7531\u804c\u4e1a\u8005\u7684\u7b80\u4fbf\u53d1\u7968\u5de5\u5177\u3002\n\nBigProf Online Invoicing System 4.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b58\u50a8\u578b\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7ba1\u7406\u5458\u4f7f\u7528admin/pageEditGroup.php\u521b\u5efa\u65b0\u7ec4\u540e\u8be5\u4ea7\u54c1\u672a\u80fd\u5145\u5206\u9a8c\u8bc1HTML\u5b57\u7b26\u7684\u5b57\u6bb5\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8de8\u7ad9\u811a\u672c\u653b\u51fb\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://labs.ingredous.com/2020/07/13/ois-groupedit-xss/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-06952",
  "openTime": "2021-01-27",
  "products": {
    "product": "Bigprof-software Online Invoicing System \u003c4.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-35677",
  "serverity": "\u4f4e",
  "submitTime": "2020-12-25",
  "title": "BigProf Online Invoicing System\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-06952\uff09"
}

CVE-2020-35677 (GCVE-0-2020-35677)

Vulnerability from cvelistv5 – Published: 2020-12-24 03:04 – Updated: 2024-08-04 17:09

Summary

BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://labs.ingredous.com/2020/07/13/ois-grouped…

x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.811Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-24T03:04:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35677",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/",
              "refsource": "MISC",
              "url": "https://labs.ingredous.com/2020/07/13/ois-groupedit-xss/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35677",
    "datePublished": "2020-12-24T03:04:43",
    "dateReserved": "2020-12-24T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.811Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-06952

CVE-2020-35677 (GCVE-0-2020-35677)

Tags

Sightings

Nomenclature