Vulnerability-Lookup

CNVD-2020-58776

Vulnerability from cnvd - Published: 2020-10-26

Title

Grocy跨站脚本漏洞

Description

Grocy是个人开发者的一个适用于家庭基于Web的自托管杂货和家庭管理解决方案。该平台为适用于家庭的使用PHP编写的ERP系统。 Grocy 2.7.1版本及之前版本存在跨站脚本漏洞。该漏洞与受影响版本之间存在运行配置错误有关。在用户，电池，杂务，设备，位置，数量单位，购物地点，任务，任务类别，产品组，配方和产品中也发现了此问题。要利用这些问题，必须进行身份验证，并且Grocy未能应公开暴露。攻击者可利用该漏洞进行“创建购物清单”模板下的跨站点脚本攻击，在Create Shopping List module删除购物清单时呈现。

Severity

低

Patch Name

Grocy跨站脚本漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15253

Impacted products

Name
Grocy Grocy <= 2.7.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15253",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15253"
    }
  },
  "description": "Grocy\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u9002\u7528\u4e8e\u5bb6\u5ead\u57fa\u4e8eWeb\u7684\u81ea\u6258\u7ba1\u6742\u8d27\u548c\u5bb6\u5ead\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u5e73\u53f0\u4e3a\u9002\u7528\u4e8e\u5bb6\u5ead\u7684\u4f7f\u7528PHP\u7f16\u5199\u7684ERP\u7cfb\u7edf\u3002\n\nGrocy 2.7.1\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4e0e\u53d7\u5f71\u54cd\u7248\u672c\u4e4b\u95f4\u5b58\u5728\u8fd0\u884c\u914d\u7f6e\u9519\u8bef\u6709\u5173\u3002\u5728\u7528\u6237\uff0c\u7535\u6c60\uff0c\u6742\u52a1\uff0c\u8bbe\u5907\uff0c\u4f4d\u7f6e\uff0c\u6570\u91cf\u5355\u4f4d\uff0c\u8d2d\u7269\u5730\u70b9\uff0c\u4efb\u52a1\uff0c\u4efb\u52a1\u7c7b\u522b\uff0c\u4ea7\u54c1\u7ec4\uff0c\u914d\u65b9\u548c\u4ea7\u54c1\u4e2d\u4e5f\u53d1\u73b0\u4e86\u6b64\u95ee\u9898\u3002\u8981\u5229\u7528\u8fd9\u4e9b\u95ee\u9898\uff0c\u5fc5\u987b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14Grocy\u672a\u80fd\u5e94\u516c\u5f00\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u201c\u521b\u5efa\u8d2d\u7269\u6e05\u5355\u201d\u6a21\u677f\u4e0b\u7684\u8de8\u7ad9\u70b9\u811a\u672c\u653b\u51fb\uff0c\u5728Create Shopping List module\u5220\u9664\u8d2d\u7269\u6e05\u5355\u65f6\u5448\u73b0\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-58776",
  "openTime": "2020-10-26",
  "patchDescription": "Grocy\u662f\u4e2a\u4eba\u5f00\u53d1\u8005\u7684\u4e00\u4e2a\u9002\u7528\u4e8e\u5bb6\u5ead\u57fa\u4e8eWeb\u7684\u81ea\u6258\u7ba1\u6742\u8d27\u548c\u5bb6\u5ead\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u5e73\u53f0\u4e3a\u9002\u7528\u4e8e\u5bb6\u5ead\u7684\u4f7f\u7528PHP\u7f16\u5199\u7684ERP\u7cfb\u7edf\u3002\r\n\r\nGrocy 2.7.1\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u4e0e\u53d7\u5f71\u54cd\u7248\u672c\u4e4b\u95f4\u5b58\u5728\u8fd0\u884c\u914d\u7f6e\u9519\u8bef\u6709\u5173\u3002\u5728\u7528\u6237\uff0c\u7535\u6c60\uff0c\u6742\u52a1\uff0c\u8bbe\u5907\uff0c\u4f4d\u7f6e\uff0c\u6570\u91cf\u5355\u4f4d\uff0c\u8d2d\u7269\u5730\u70b9\uff0c\u4efb\u52a1\uff0c\u4efb\u52a1\u7c7b\u522b\uff0c\u4ea7\u54c1\u7ec4\uff0c\u914d\u65b9\u548c\u4ea7\u54c1\u4e2d\u4e5f\u53d1\u73b0\u4e86\u6b64\u95ee\u9898\u3002\u8981\u5229\u7528\u8fd9\u4e9b\u95ee\u9898\uff0c\u5fc5\u987b\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\uff0c\u5e76\u4e14Grocy\u672a\u80fd\u5e94\u516c\u5f00\u66b4\u9732\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u201c\u521b\u5efa\u8d2d\u7269\u6e05\u5355\u201d\u6a21\u677f\u4e0b\u7684\u8de8\u7ad9\u70b9\u811a\u672c\u653b\u51fb\uff0c\u5728Create Shopping List module\u5220\u9664\u8d2d\u7269\u6e05\u5355\u65f6\u5448\u73b0\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Grocy\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Grocy Grocy \u003c= 2.7.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15253",
  "serverity": "\u4f4e",
  "submitTime": "2020-10-19",
  "title": "Grocy\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2020-15253 (GCVE-0-2020-15253)

Vulnerability from cvelistv5 – Published: 2020-10-14 18:15 – Updated: 2024-08-04 13:08

Title

Stored XSS in Grocy

Summary

Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept.

Severity

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N

CWE

CWE-79 - {"CWE-79":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}

Assigner

GitHub_M

References

5 references

URL	Tags
https://www.exploit-db.com/exploits/48792	x_refsource_MISC
https://github.com/grocy/grocy/security/advisorie…	x_refsource_CONFIRM
https://github.com/grocy/grocy/issues/996	x_refsource_MISC
https://github.com/grocy/grocy/commit/0624b0df594…	x_refsource_MISC
https://github.com/grocy/grocy/commit/0df2590de27…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
grocy	grocy	Affected: <= 2.7.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:08:22.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/48792"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grocy/grocy/issues/996"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grocy/grocy/commit/0624b0df594a4353ef25e6b1874565ea52ce7772"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/grocy/grocy/commit/0df2590de27c60c18b7db6e056347bd2aff5a887"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "grocy",
          "vendor": "grocy",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 2.7.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Versions of Grocy \u003c= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-11-16T00:46:56.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/48792"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grocy/grocy/issues/996"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grocy/grocy/commit/0624b0df594a4353ef25e6b1874565ea52ce7772"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/grocy/grocy/commit/0df2590de27c60c18b7db6e056347bd2aff5a887"
        }
      ],
      "source": {
        "advisory": "GHSA-7f37-2fjr-v9p7",
        "discovery": "UNKNOWN"
      },
      "title": "Stored XSS in Grocy",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-15253",
          "STATE": "PUBLIC",
          "TITLE": "Stored XSS in Grocy"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "grocy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 2.7.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "grocy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Versions of Grocy \u003c= 2.7.1 are vulnerable to Cross-Site Scripting via the Create Shopping List module, that is rendered upon deleting that Shopping List. The issue was also found in users, batteries, chores, equipment, locations, quantity units, shopping locations, tasks, taskcategories, product groups, recipes and products. Authentication is required to exploit these issues and Grocy should not be publicly exposed. The linked reference details a proof-of-concept."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "{\"CWE-79\":\"Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)\"}"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/48792",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/48792"
            },
            {
              "name": "https://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7",
              "refsource": "CONFIRM",
              "url": "https://github.com/grocy/grocy/security/advisories/GHSA-7f37-2fjr-v9p7"
            },
            {
              "name": "https://github.com/grocy/grocy/issues/996",
              "refsource": "MISC",
              "url": "https://github.com/grocy/grocy/issues/996"
            },
            {
              "name": "https://github.com/grocy/grocy/commit/0624b0df594a4353ef25e6b1874565ea52ce7772",
              "refsource": "MISC",
              "url": "https://github.com/grocy/grocy/commit/0624b0df594a4353ef25e6b1874565ea52ce7772"
            },
            {
              "name": "https://github.com/grocy/grocy/commit/0df2590de27c60c18b7db6e056347bd2aff5a887",
              "refsource": "MISC",
              "url": "https://github.com/grocy/grocy/commit/0df2590de27c60c18b7db6e056347bd2aff5a887"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-7f37-2fjr-v9p7",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-15253",
    "datePublished": "2020-10-14T18:15:21.000Z",
    "dateReserved": "2020-06-25T00:00:00.000Z",
    "dateUpdated": "2024-08-04T13:08:22.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-58776

CVE-2020-15253 (GCVE-0-2020-15253)

Tags

Sightings

Nomenclature