CVE-2020-35676

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1	Third Party Advisory
https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-12-24 04:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-35676

Mitre link : CVE-2020-35676

CVE.ORG link : CVE-2020-35676

JSON object : View

Products Affected

bigprof

online_invoicing_system

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2020-35676", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2020-12-24T04:15:12.500", "references": [{"url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."}, {"lang": "es", "value": "BigProf Online Invoicing System versiones anteriores a 3.1, no sanea apropiadamente una carga \u00fatil XSS cuando un usuario se registra usando la funcionalidad self-registration. Como tal, un atacante puede ingresar una carga \u00fatil dise\u00f1ada que se ejecutar\u00e1 cuando el administrador de la aplicaci\u00f3n navegue por la lista de usuarios registrados. Una vez que el Javascript arbitrario es ejecutado en el contexto del administrador, esto causar\u00e1 que el atacante alcanzar privilegios administrativos, conllevando efectivamente a una toma de control de la aplicaci\u00f3n. Esto afecta a los archivos app/Membersignup.php y app/admin/pageViewMembers.php"}], "lastModified": "2020-12-28T17:42:02.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59ABE457-ABC7-47EC-8026-C187A082DBA6", "versionEndExcluding": "3.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}