CVE-2024-25976 (GCVE-0-2024-25976)

Vulnerability from cvelistv5 – Published: 2024-05-29 12:22 – Updated: 2025-03-17 20:39
Title
Reflected Cross-Site-Scripting (XSS)
Summary
When LDAP authentication is activated in the configuration, it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php, where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.
CWE
  • CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Credits
Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 6.1,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "CHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-25976",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-29T14:11:54.889111Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-17T20:39:15.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T23:52:06.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "https://r.sec-consult.com/hawki"
          },
          {
            "tags": [
              "patch",
              "x_transferred"
            ],
            "url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2024/May/34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "HAWKI",
          "repo": "https://github.com/HAWK-Digital-Environments/HAWKI",
          "vendor": "Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany",
          "versions": [
            {
              "status": "affected",
              "version": "versions before commit 146967f",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
            }
          ],
          "value": "When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \"$_SERVER[\u0027PHP_SELF\u0027]\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-63",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-63 Cross-Site Scripting (XSS)"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-10T16:10:17.894Z",
        "orgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
        "shortName": "SEC-VLab"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://r.sec-consult.com/hawki"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
        },
        {
          "url": "http://seclists.org/fulldisclosure/2024/May/34"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "The vendor provides a patch which can be downloaded from  https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Reflected Cross-Site-Scripting (XSS)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "551230f0-3615-47bd-b7cc-93e92e730bbf",
    "assignerShortName": "SEC-VLab",
    "cveId": "CVE-2024-25976",
    "datePublished": "2024-05-29T12:22:46.526Z",
    "dateReserved": "2024-02-13T09:28:28.810Z",
    "dateUpdated": "2025-03-17T20:39:15.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-25976\",\"sourceIdentifier\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"published\":\"2024-05-29T13:15:49.563\",\"lastModified\":\"2025-03-17T21:15:13.083\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \\\"$_SERVER[\u0027PHP_SELF\u0027]\\\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.\"},{\"lang\":\"es\",\"value\":\"Cuando la autenticaci\u00f3n LDAP est\u00e1 activada en la configuraci\u00f3n, es posible obtener la ejecuci\u00f3n XSS reflejado creando una URL personalizada que la v\u00edctima solo necesita abrir para ejecutar c\u00f3digo JavaScript arbitrario en el navegador de la v\u00edctima. Esto se debe a un fallo en el archivo login.php donde el contenido de \\\"$_SERVER[\u0027PHP_SELF\u0027]\\\" se refleja en el HTML del sitio web. Por lo tanto, el atacante no necesita una cuenta v\u00e1lida para aprovechar este problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2024/May/34\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"https://r.sec-consult.com/hawki\",\"source\":\"551230f0-3615-47bd-b7cc-93e92e730bbf\"},{\"url\":\"http://seclists.org/fulldisclosure/2024/May/34\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://r.sec-consult.com/hawki\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://r.sec-consult.com/hawki\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\", \"tags\": [\"patch\", \"x_transferred\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/34\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T23:52:06.357Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-25976\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-29T14:11:54.889111Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-29T14:12:24.920Z\"}}], \"cna\": {\"title\": \"Reflected Cross-Site-Scripting (XSS)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Florian Stuhlmann, Thorger Jansen (Office Bochum) | SEC Consult Vulnerability Lab\"}], \"impacts\": [{\"capecId\": \"CAPEC-63\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-63 Cross-Site Scripting (XSS)\"}]}], \"affected\": [{\"repo\": \"https://github.com/HAWK-Digital-Environments/HAWKI\", \"vendor\": \"Interaction Design Team at the University of Applied Sciences and Arts in Hildesheim/Germany\", \"product\": \"HAWKI\", \"versions\": [{\"status\": \"affected\", \"version\": \"versions before commit 146967f\", \"versionType\": \"custom\"}], \"defaultStatus\": \"affected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The vendor provides a patch which can be downloaded from  https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe vendor provides a patch which can be downloaded from \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\\\"\u003ehttps://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\", \"base64\": false}]}], \"references\": [{\"url\": \"https://r.sec-consult.com/hawki\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/HAWK-Digital-Environments/HAWKI/commit/146967f3148e92d1640ffebc21d8914e2d7fb3f1\", \"tags\": [\"patch\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2024/May/34\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \\\"$_SERVER[\u0027PHP_SELF\u0027]\\\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim\u0027s browser. This is due to a fault in the file login.php where the content of \\\"$_SERVER[\u0027PHP_SELF\u0027]\\\" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-79\", \"description\": \"CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"shortName\": \"SEC-VLab\", \"dateUpdated\": \"2024-06-10T16:10:17.894Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-25976\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-17T20:39:15.968Z\", \"dateReserved\": \"2024-02-13T09:28:28.810Z\", \"assignerOrgId\": \"551230f0-3615-47bd-b7cc-93e92e730bbf\", \"datePublished\": \"2024-05-29T12:22:46.526Z\", \"assignerShortName\": \"SEC-VLab\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}
