GHSA-CVMR-6428-87W9
Vulnerability from github – Published: 2020-12-10 23:13 – Updated: 2020-12-10 23:12
Impact
Privileged users (with the ability to edit pages) can achieve remote code execution via XSS. At a minimum, the vulnerability represents a bypass of the security controls put in place to mitigate this form of attack.
The XSS escalates to remote code execution because script running in the context of a stolen administrative account can act on that account's behalf: the facility to install custom plugins would then allow the attacker to install a plugin containing a web shell and thus gain access to the underlying system.
References
https://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
https://cwe.mitre.org/data/definitions/79.html
For more information
Please contact contact@pentest.co.uk
{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "getgrav/grav"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.30"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-10T23:12:52Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Impact\nPrivileged users (with the ability to edit pages) have a mechanism to perform remote code execution via XSS. At a minimum, the vulnerability represents a bypass of security controls put in place to mitigate this form of attack.\n\nThe remote code execution can be performed because XSS would allow an attacker to execute functionality on behalf of a stolen administrative account - the facility to install custom plugins would then allow said attacker to install a plugin containing a web shell and thus garner access to the underlying system.\n\n### References\nhttps://owasp.org/www-project-top-ten/2017/A7_2017-Cross-Site_Scripting_(XSS)\nhttps://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html\nhttps://cwe.mitre.org/data/definitions/79.html\n\n### For more information\nPlease contact contact@pentest.co.uk",
  "id": "GHSA-cvmr-6428-87w9",
  "modified": "2020-12-10T23:12:52Z",
  "published": "2020-12-10T23:13:08Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/getgrav/grav/security/advisories/GHSA-cvmr-6428-87w9"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Cross-Site Scripting in Grav"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.