PeTeReport 0.5 - Stored XSS (Markdown)
4.8 Medium
Discovered by: Offensive Team, Fluid Attacks
Summary
Full name: PeTeReport 0.5 - Stored XSS (Markdown)
Code name:
State: Public
Release date: 23 feb 2022
Affected product: PeTeReport
Affected version(s): Version 0.5
Fixed version(s): Version 0.7
Vulnerability name: Stored cross-site scripting (XSS)
Vulnerability type:
Remotely exploitable: Yes
CVSS v3.1 vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
CVSS v3.1 base score: 4.8
Exploit available: No
CVE ID(s):
Description
PeTeReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code into the Markdown descriptions when creating a product, report or finding.
Proof of Concept
Steps to reproduce
Click on 'Add Product'.
Insert the following PoC inside the product description.
Click on 'Save Product'.
If a user visits the product and clicks on the link in the description, the JavaScript code will be rendered.
System Information
Version: PeTeReport Version 0.5.
Operating System: Docker.
Web Server: nginx.
Exploit
There is no exploit for the vulnerability, but it can be manually exploited.
Mitigation
An updated version of PeTeReport is available at the vendor page.
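As a complement to upgrading, rendered descriptions can be audited for the script-bearing links this advisory describes. The following is an added example, not code from PeTeReport or from the advisory; the function names, the scheme allow-list and the sample inputs are assumptions constructed for illustration, and the check goes beyond the link case to also flag inline event handlers and script elements.

```python
import re
from html.parser import HTMLParser

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumption: tune per deployment
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
SCHEME_RE = re.compile(r"([a-z][a-z0-9+.\-]*):", re.IGNORECASE)
LEADING_JUNK = "".join(chr(c) for c in range(0x21))  # C0 controls and space

def is_safe_url(url):
    """True for relative URLs and allow-listed schemes, False otherwise."""
    # Browsers drop tab/CR/LF anywhere in a URL and strip leading control
    # characters and spaces before parsing it, so normalise the same way.
    cleaned = re.sub(r"[\t\r\n]", "", url).lstrip(LEADING_JUNK)
    match = SCHEME_RE.match(cleaned)
    return match is None or match.group(1).lower() in ALLOWED_SCHEMES

class DescriptionAuditor(HTMLParser):
    """Collects (tag, attribute, value) triples that could execute script."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lower-cased, values entity-decoded.
        if tag == "script":
            self.findings.append((tag, None, None))
        for name, value in attrs:
            bad_url = name in URL_ATTRS and value and not is_safe_url(value)
            if name.startswith("on") or bad_url:
                self.findings.append((tag, name, value))

def audit_description(rendered_html):
    """Return findings for one rendered description; an empty list is clean."""
    auditor = DescriptionAuditor()
    auditor.feed(rendered_html)
    auditor.close()
    return auditor.findings

# Constructed samples of rendered descriptions (not the advisory's PoC).
SAMPLES = {
    "benign": '<p><a href="https://example.com/a">doc</a> <a href="/p/1/">p</a></p>',
    "mixed_case": '<p><a href="JaVaScRiPt:alert(1)">details</a></p>',
    "entity_tab": '<p><a href=" java&#9;script:alert(1)">details</a></p>',
    "handler": '<p><img src="logo.png" onerror="alert(1)"></p>',
}

if __name__ == "__main__":
    for label, html in SAMPLES.items():
        print(label, audit_description(html))
```

The audit runs on the HTML produced by the Markdown renderer rather than on the Markdown source, so it sees the same attribute values the browser will.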
References
Timeline
8 feb 2022
Vulnerability patched: 28 feb 2022
Vendor contacted: 8 feb 2022
Vendor replied: 9 feb 2022
Public disclosure: 23 feb 2022