cnvd - cnvd-2021-06953

CNVD-2021-06953

Vulnerability from cnvd - Published: 2021-01-27

Title

BigProf Online Invoicing System跨站脚本漏洞（CNVD-2021-06953）

Description

BigProf Online Invoicing System (OIS)是一款使用AppGini创建的面向小型企业、顾问和自由职业者的简便发票工具。 BigProf Online Invoicing System 3.1之前版本中的app/membership_signup.php和app/admin/pageViewMembers.php存在跨站脚本漏洞。攻击者可通过自注册功能利用该漏洞在admin上下文中执行任意Javascript，从而可获得管理员权限。

Severity

中

Patch Name

BigProf Online Invoicing System跨站脚本漏洞（CNVD-2021-06953）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-35676

Impacted products

Name
Bigprof-software Online Invoicing System <3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-35676",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-35676"
    }
  },
  "description": "BigProf Online Invoicing System (OIS)\u662f\u4e00\u6b3e\u4f7f\u7528AppGini\u521b\u5efa\u7684\u9762\u5411\u5c0f\u578b\u4f01\u4e1a\u3001\u987e\u95ee\u548c\u81ea\u7531\u804c\u4e1a\u8005\u7684\u7b80\u4fbf\u53d1\u7968\u5de5\u5177\u3002\n\nBigProf Online Invoicing System 3.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684app/membership_signup.php\u548capp/admin/pageViewMembers.php\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u81ea\u6ce8\u518c\u529f\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u5728admin\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610fJavascript\uff0c\u4ece\u800c\u53ef\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-06953",
  "openTime": "2021-01-27",
  "patchDescription": "BigProf Online Invoicing System (OIS)\u662f\u4e00\u6b3e\u4f7f\u7528AppGini\u521b\u5efa\u7684\u9762\u5411\u5c0f\u578b\u4f01\u4e1a\u3001\u987e\u95ee\u548c\u81ea\u7531\u804c\u4e1a\u8005\u7684\u7b80\u4fbf\u53d1\u7968\u5de5\u5177\u3002\r\n\r\nBigProf Online Invoicing System 3.1\u4e4b\u524d\u7248\u672c\u4e2d\u7684app/membership_signup.php\u548capp/admin/pageViewMembers.php\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u81ea\u6ce8\u518c\u529f\u80fd\u5229\u7528\u8be5\u6f0f\u6d1e\u5728admin\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610fJavascript\uff0c\u4ece\u800c\u53ef\u83b7\u5f97\u7ba1\u7406\u5458\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "BigProf Online Invoicing System\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-06953\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Bigprof-software Online Invoicing System \u003c3.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-35676",
  "serverity": "\u4e2d",
  "submitTime": "2020-12-25",
  "title": "BigProf Online Invoicing System\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff08CNVD-2021-06953\uff09"
}

CVE-2020-35676 (GCVE-0-2020-35676)

Vulnerability from cvelistv5 – Published: 2020-12-24 03:04 – Updated: 2024-08-04 17:09

Summary

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://labs.ingredous.com/2020/07/13/ois-members…	x_refsource_MISC
	https://github.com/bigprof-software/online-invoic…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:09:14.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application\u0027s administrator browsing the registered users\u0027 list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-24T03:04:56",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35676",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application\u0027s administrator browsing the registered users\u0027 list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/",
              "refsource": "MISC",
              "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"
            },
            {
              "name": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1",
              "refsource": "MISC",
              "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35676",
    "datePublished": "2020-12-24T03:04:56",
    "dateReserved": "2020-12-24T00:00:00",
    "dateUpdated": "2024-08-04T17:09:14.930Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2021-06953

CVE-2020-35676 (GCVE-0-2020-35676)

Tags

Sightings

Nomenclature