
GSA_kwCzR0hTQS12ZjZ4LTU5aGgtMzMyZs4ABE6P

Moderate

Formwork has a cross-site scripting (XSS) vulnerability in Site title

Affected package: packagist:getformwork/formwork
Affected versions: = 2.0.0-beta.3
Fixed versions: 2.0.0-beta.4
0 Dependent packages
0 Dependent repositories
228 Downloads total

Affected Version Ranges

All affected versions

All unaffected versions

0.6.9, 0.6.10, 0.6.11, 0.6.12, 0.7.0, 0.7.1, 0.7.2, 0.8.0, 0.8.1, 0.9.0, 0.9.1, 0.9.2, 0.9.3, 0.9.4, 0.9.5, 0.9.6, 0.10.0, 0.10.1, 0.10.2, 0.10.3, 0.10.4, 0.10.5, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.5.0, 1.5.1, 1.5.2, 1.6.0, 1.6.1, 1.7.0, 1.7.1, 1.8.0, 1.9.0, 1.9.1, 1.10.0, 1.10.1, 1.10.2, 1.10.3, 1.11.0, 1.11.1, 1.12.0, 1.12.1, 1.13.0, 1.13.1, 1.13.2

Summary

The site title field at /panel/options/site/ allows embedding JS tags, which can be used to attack all members of the system. This is a widespread attack and can cause significant damage if there is a considerable number of users.

Impact

The attack is widespread, leveraging what XSS can do. This will undoubtedly impact system availability.

Patches

Details

By embedding "<!--", the source code can be rendered non-functional, significantly impacting system availability. However, the attacker would need admin privileges, making the attack more difficult to execute.
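The effect described above and its mitigation, as an added example that is not Formwork's code or its actual patch: the template functions, the markup and the `panel-nav` id are hypothetical, and the title value is constructed from the "<!--" string mentioned in this advisory. It compares a title written into HTML as stored with the same title encoded at output time, then parses both results to see whether the markup after the title survives.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a panel template that prints the site title.
// Markup and names are assumptions for illustration, not Formwork's own.
const PANEL_NAV = '<nav id="panel-nav">Dashboard | Options | Logout</nav>';

// Before: the stored value is concatenated into the page as-is.
function renderHeaderUnsafe(string $siteTitle): string
{
    return '<header><h1>' . $siteTitle . '</h1></header>' . PANEL_NAV;
}

// After: the value is encoded for an HTML text context when it is output.
function renderHeaderEscaped(string $siteTitle): string
{
    $safe = htmlspecialchars($siteTitle, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<header><h1>' . $safe . '</h1></header>' . PANEL_NAV;
}

// True if the navigation block is still a live element once the HTML is parsed.
function navSurvives(string $html): bool
{
    libxml_use_internal_errors(true); // collect parser warnings instead of printing them
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $xpath = new DOMXPath($doc);
    return $xpath->query('//nav[@id="panel-nav"]')->length === 1;
}

// Constructed sample value: a title that ends with an unterminated comment opener.
$title = 'My Site <!--';

// Unescaped: everything after the title is swallowed by the comment.
var_dump(navSurvives(renderHeaderUnsafe($title)));

// Escaped: "<!--" is emitted as "&lt;!--" and shown as text, the page stays intact.
var_dump(navSurvives(renderHeaderEscaped($title)));
```

Encoding at output time also repairs pages for a title that was already saved with markup in it, which matters here because the PoC notes the broken panel makes the setting hard to revert.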

PoC


  1. This is the page where the vulnerability was found; the attack surface is the Title field.

  2. I tested accessing the Dashboard page using a regular user account with Firefox, a different browser, and found that it was also affected.

  3. Additionally, the remaining code was commented out to disrupt the UX/UI, making it difficult to revert the settings.
