
CVE-2022-3355 – Inventree

Inventree – Stored XSS

By uploading SVG files, users can perform a stored XSS attack. Copy the following code and save it as filename.svg.

POC – Proof of concept

  • [1] Log in as a user with upload permission.
  • [2] Upload the payload-injected SVG file at https://demo.inventree.org/order/sales-order/3/
  • [3] Copy the uploaded SVG file URL and open it in a new tab (every logged-in user can access this URL).
  • [4] XSS! (https://demo.inventree.org/media/so_files/3/yourfile.svg)

PAYLOAD: <x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>
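The payload above works because the `<x:script>` element is declared in the XHTML namespace, so an upload filter that only looks for a plain `<script>` tag never sees it, and because the file is then served from the application's own origin with an image content type that the browser happily renders. The following is an added example of server-side checks a defender could put in front of SVG uploads; it is not InvenTree's code. It uses the standard library `xml.etree.ElementTree` parser, resolves every element to its local name so namespaced script elements are caught, and also returns the response headers that should accompany any user-uploaded file so that a file which slips through validation still cannot execute script. The two sample SVGs and the function names are constructed for this example.

```python
"""Defensive checks for SVG uploads (added example, not InvenTree's own code)."""
import re
import xml.etree.ElementTree as ET

# Elements that can run or embed active content inside an SVG document.
# Matched on the local name only, so <script>, <svg:script> and
# <x:script xmlns:x="http://www.w3.org/1999/xhtml"> are all caught.
ACTIVE_ELEMENTS = {
    "script", "foreignobject", "iframe", "embed", "object",
    "set", "animate", "animatetransform", "handler",
}
# URL schemes that must never appear in an href inside an uploaded image.
FORBIDDEN_SCHEMES = {"javascript", "vbscript", "data"}

# Constructed samples: a harmless icon, and a file carrying the advisory's payload.
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
    b'<circle cx="5" cy="5" r="4"/></svg>'
)
NAMESPACED_SCRIPT_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg">'
    b'<x:script xmlns:x="http://www.w3.org/1999/xhtml">alert(document.domain)</x:script>'
    b'</svg>'
)


def _local_name(qualified):
    """ElementTree writes qualified names as '{namespace}local'; return 'local' lowercased."""
    return qualified.rsplit("}", 1)[-1].lower()


def _namespace(qualified):
    """Return the namespace URI of an ElementTree qualified name, or '' if none."""
    return qualified[1:].split("}", 1)[0] if qualified.startswith("{") else ""


def find_svg_risks(svg_bytes):
    """Return the reasons an uploaded SVG should be rejected; an empty list means it passed.

    Assumptions: the caller has already enforced a size limit, and in production the
    parse would be wrapped with defusedxml to also block entity-expansion attacks.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]

    reasons = []
    if _local_name(root.tag) != "svg":
        reasons.append(f"root element is <{_local_name(root.tag)}>, not <svg>")

    for elem in root.iter():
        if not isinstance(elem.tag, str):  # comments / processing instructions
            continue
        name = _local_name(elem.tag)
        if name in ACTIVE_ELEMENTS:
            ns = _namespace(elem.tag) or "no namespace"
            reasons.append(f"active element <{name}> ({ns})")
        for attr, value in elem.attrib.items():
            attr_name = _local_name(attr)
            if attr_name.startswith("on"):
                reasons.append(f"event handler attribute '{attr_name}' on <{name}>")
            if attr_name == "href":
                # Collapse whitespace so 'java\tscript:' is seen as 'javascript:'.
                compact = re.sub(r"\s", "", value).lower()
                scheme = compact.split(":", 1)[0] if ":" in compact else ""
                if scheme in FORBIDDEN_SCHEMES:
                    reasons.append(f"href with {scheme}: URL on <{name}>")
    return reasons


def upload_response_headers(filename):
    """Headers for serving any user upload from the application origin.

    Forcing a download and a script-free CSP means that even a malicious SVG that
    passed validation is not rendered as an active document in the victim's session.
    """
    safe_name = filename.replace('"', "").replace("\r", "").replace("\n", "")
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "Content-Security-Policy": "default-src 'none'; script-src 'none'; sandbox",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print("benign:", find_svg_risks(BENIGN_SVG))
    print("payload:", find_svg_risks(NAMESPACED_SCRIPT_SVG))
    print(upload_response_headers("yourfile.svg"))
```

Validation and serving headers are independent layers: the first rejects the obvious cases (script elements in any namespace, event handlers, `javascript:` hrefs), the second ensures that uploads are never rendered as same-origin documents at all, which is what turns an uploaded file into a stored XSS in the first place.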

Impact

If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.

Severity

https://cvss.js.org/#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Reference

https://huntr.dev/bounties/4b7fb92c-f06b-4bbf-82dc-9f013b30b6a6/

https://github.com/inventree/inventree

https://nvd.nist.gov/vuln/detail/CVE-2022-3355