
Stored XSS in Inbox (Send a private message)

High
w8tcha published GHSA-4hwx-678w-9cp5 Jan 22, 2023

Package

No package listed

Affected versions

3.1.9 and 3.1.10

Patched versions

3.1.11

Description

Summary

The issue is triggered by entering an XSS payload into the subject and message fields and then sending the private message to the victim.

Details

Affected source code file: https://github.com/YAFNET/YAFNET/blob/master/yafsrc/YetAnotherForum.NET/Pages/PostPrivateMessage.cshtml.cs (web page: http://your-ip.com/forum/PostPrivateMessage)

YAFNET versions 3.1.9 and 3.1.10 are vulnerable to cross-site scripting. The vulnerability allows users to embed arbitrary JavaScript code in the Send Private Message page, altering its intended functionality and potentially leading to credential disclosure in trusted sessions.

PoC

<img src=/ onmouseover=alert('send_XSS_from_chtsec_user_in_the_Subject')>
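The PoC above takes effect when a stored subject is written into the page as markup rather than as text. The sketch below contrasts the unencoded and encoded rendering paths and checks both with the PoC string; it is an added example, not YAFNET code or the project's actual fix, the class and method names are hypothetical, and it assumes the fields are displayed as plain text.

```csharp
// Added illustration, not YAFNET source. InboxRowDemo and its methods are hypothetical names.
using System;
using System.Net;

public static class InboxRowDemo
{
    // Vulnerable pattern: stored user input is concatenated into markup unchanged.
    public static string RenderUnsafe(string subject, string body) =>
        "<tr><td>" + subject + "</td><td>" + body + "</td></tr>";

    // Hardened pattern: each stored field is HTML-encoded at the point of output,
    // so '<', '>', '&' and quotes reach the browser as character references.
    public static string RenderEncoded(string subject, string body) =>
        "<tr><td>" + WebUtility.HtmlEncode(subject) + "</td><td>" +
        WebUtility.HtmlEncode(body) + "</td></tr>";

    // Regression check: a stored value that contains markup characters must not
    // appear verbatim in the rendered row.
    public static bool LeaksRawMarkup(string rendered, string stored) =>
        stored.IndexOfAny(new[] { '<', '>' }) >= 0 &&
        rendered.IndexOf(stored, StringComparison.Ordinal) >= 0;

    public static void Main()
    {
        // Subject: the PoC string from this advisory. Body: constructed sample text.
        const string subject =
            "<img src=/ onmouseover=alert('send_XSS_from_chtsec_user_in_the_Subject')>";
        const string body = "constructed message body";

        string unsafeRow = RenderUnsafe(subject, body);
        string safeRow = RenderEncoded(subject, body);

        Console.WriteLine("unencoded row leaks markup: " + LeaksRawMarkup(unsafeRow, subject));
        Console.WriteLine("encoded row leaks markup:   " + LeaksRawMarkup(safeRow, subject));
        Console.WriteLine(safeRow);
    }
}
```

In Razor views, an `@` expression applies this encoding automatically, while `Html.Raw(...)` bypasses it.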

Impact

What kind of vulnerability is it? Who is impacted?
XSS (Cross-Site Scripting)
YAFNET versions 3.1.9 and 3.1.10

Reference

https://drive.google.com/drive/folders/1ct6Tp_cnsYO8L_JSvlBCf_Ae7KW3JAcD?usp=sharing

Severity

High (8.2 / 10)

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: Low
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:L

CVE ID

No known CVE
