CVE-2020-35676 - OpenCVE

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Bigprof	Online Invoicing System

Configuration 1 [-]

cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1
https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2020-12-24T03:04:56

Updated: 2024-08-04T17:09:14.930Z

Reserved: 2020-12-24T00:00:00

Link: CVE-2020-35676

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-12-24T04:15:12.500

Modified: 2020-12-28T17:42:02.793

Link: CVE-2020-35676

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-12-24T03:04:56", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35676", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/", "refsource": "MISC", "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"}, {"name": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1", "refsource": "MISC", "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T17:09:14.930Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35676", "datePublished": "2020-12-24T03:04:56", "dateReserved": "2020-12-24T00:00:00", "dateUpdated": "2024-08-04T17:09:14.930Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:bigprof:online_invoicing_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "59ABE457-ABC7-47EC-8026-C187A082DBA6", "versionEndExcluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application's administrator browsing the registered users' list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php."}, {"lang": "es", "value": "BigProf Online Invoicing System versiones anteriores a 3.1, no sanea apropiadamente una carga \u00fatil XSS cuando un usuario se registra usando la funcionalidad self-registration. Como tal, un atacante puede ingresar una carga \u00fatil dise\u00f1ada que se ejecutar\u00e1 cuando el administrador de la aplicaci\u00f3n navegue por la lista de usuarios registrados. Una vez que el Javascript arbitrario es ejecutado en el contexto del administrador, esto causar\u00e1 que el atacante alcanzar privilegios administrativos, conllevando efectivamente a una toma de control de la aplicaci\u00f3n. Esto afecta a los archivos app/Membersignup.php y app/admin/pageViewMembers.php"}], "id": "CVE-2020-35676", "lastModified": "2020-12-28T17:42:02.793", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-12-24T04:15:12.500", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/bigprof-software/online-invoicing-system/releases/tag/3.1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://labs.ingredous.com/2020/07/13/ois-membershipsignup-xss/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}