Information
Product : 1CRM On-Premise Software
Vulnerability Name : Stored Cross-Site Scripting
version : 8.5.7
Fixed on : 8.5.10
Test on : CentOS 7.6.1810 (Core)
Reference : https://1crm.com
CVE-Number : CVE-2019-14221
Description
1CRM On-Premise Software 8.5.7 allows XSS via a payload that is mishandled during a Run Report operation.
PoC
Attacker
- Login as any user
- Click Email icon
- Click Report
- Click Create Report
- Fill Report Name
- Assign to Victim (In this example we assigned to admin)
- Click Column Layout
- Click Add empty column
- Input malicious code (ex.
<script>alert(document.cookie);</script>)
- Click Save
Victim
- Click email icon
- Click Report
- Choose report that we recently created
- Click Run Report
- Admin cookie will popup
PoC Video
Credit
Kusol Watchara-Apanukorn (SHA999)







