CVE-2023-41167 - Vulnerability Details - OpenCVE

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00243.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Webiny	Webiny

Configuration 1 [-]

cpe:2.3:a:webiny:webiny:*:*:*:*:*:node.js:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6
https://webiny.com

History

Wed, 02 Oct 2024 18:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-25T00:00:00

Updated: 2024-10-02T17:52:37.205Z

Reserved: 2023-08-24T00:00:00

Link: CVE-2023-41167

Vulnrichment

Updated: 2024-08-02T18:54:04.428Z

NVD

Status : Modified

Published: 2023-08-25T14:15:10.150

Modified: 2024-11-21T08:20:42.890

Link: CVE-2023-41167

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-41167", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-02T17:52:37.205Z", "dateReserved": "2023-08-24T00:00:00", "datePublished": "2023-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T13:43:24.851992"}, "descriptions": [{"lang": "en", "value": "@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://webiny.com"}, {"url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:04.428Z"}, "title": "CVE Program Container", "references": [{"url": "https://webiny.com", "tags": ["x_transferred"]}, {"url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-02T17:52:27.906215Z", "id": "CVE-2023-41167", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T17:52:37.205Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://webiny.com", "tags": ["x_transferred"]}, {"url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:04.428Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-41167", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-02T17:52:27.906215Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-02T17:52:33.470Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://webiny.com"}, {"url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6"}], "descriptions": [{"lang": "en", "value": "@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-08-25T13:43:24.851992"}}}, "cveMetadata": {"cveId": "CVE-2023-41167", "state": "PUBLISHED", "dateUpdated": "2024-10-02T17:52:37.205Z", "dateReserved": "2023-08-24T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-25T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webiny:webiny:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "DE1F8F81-5632-48C7-A936-6DFD054D1D37", "versionEndExcluding": "5.37.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the editor.js rich text editor to handle rich text content. The CMS stores rich text content from the editor.js into the database. When the @webiny/react-rich-text-renderer is used to render such content, it uses the dangerouslySetInnerHTML prop, without applying HTML sanitization. The issue arises when an actor, who in this context would specifically be a content manager with access to the CMS, inserts a malicious script as part of the user-defined input. This script is then injected and executed within the user's browser when the main page or admin page loads."}, {"lang": "es", "value": "@webiny/react-rich-text-renderer antes de 5.37.2 permite ataques Cross-Site Scripting (XSS) por parte de gestores de contenido. Se trata de un componente react para renderizar datos procedentes de Webiny Headless CMS y Webiny Form Builder. Webiny es un CMS empresarial sin servidor de c\u00f3digo abierto. El paquete @webiny/react-rich-text-renderer depende del editor de texto enriquecido editor.js para manejar contenido de texto enriquecido. El CMS almacena el contenido de texto enriquecido del editor.js en la base de datos. Cuando el @webiny/react-rich-text-renderer se utiliza para renderizar dicho contenido, utiliza la prop peligrosamenteSetInnerHTML, sin aplicar la limpieza HTML. El problema surge cuando un actor, que en este contexto ser\u00eda espec\u00edficamente un gestor de contenidos con acceso al CMS, inserta un script malicioso como parte de la entrada definida por el usuario. Este script se inyecta y ejecuta en el navegador del usuario cuando se carga la p\u00e1gina principal o la p\u00e1gina de administraci\u00f3n."}], "id": "CVE-2023-41167", "lastModified": "2024-11-21T08:20:42.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T14:15:10.150", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://webiny.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/webiny/webiny-js/security/advisories/GHSA-3x59-vrmc-5mx6"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://webiny.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}