Skip to content
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
CVEs/CVE-2019-9758/
CVEs/CVE-2019-9758/

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2019-9758: LabKey Server Stored XSS

Information

Description: This allows Cross-Site Scripting to execute against an admin of LabKey Server which can lead to RCE.
Versions Affected: LabKey Server 19.1.0
Researcher: David Yesland (https://twitter.com/daveysec)
Disclosure Link: https://rhinosecuritylabs.com/application-security/labkey-server-vulnerabilities-to-rce
NIST CVE Link: https://nvd.nist.gov/vuln/detail/CVE-2019-9758

Proof-of-Concept Exploit

Description

The username is not sanitized in some portions of the application within the admin portal. This allows XSS payloads to be executed on an admin of the application which can also lead to XSS by abusing intended functionality of the application.

Usage/Exploitation

Set the username of a user to <svg onload=alert(document.cookie)> then attempt to clone the permissions of that user as an admin.

Screenshot

Alt-text that shows up on hover