CVE-2022-43271 PoC — Inhabit Systems Move CRM Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
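Title: Inhabit Systems Move CRM Cross-Site Scripting Vulnerability (CVE-2022-43271)
Description: Inhabit Systems Move CRM is a comprehensive business management system and CRM from the Australian company Inhabit Systems. Inhabit Systems Move CRM 4 (build 260) contains a security vulnerability that stems from its User profile component allowing attackers to perform cross-site scripting.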
Readme
# CVE-2022-43271

## Stored Cross-Site Scripting (XSS) 

Product: Move CRM (https://inhabit.com.au/Move-Real-Estate-CRM-Software)

Discovery date: 2/8/2022

Fix date: 4/8/2022

Affected Version: version 4, build 260

Fixed Version: version 4, build 261

Description:
The vulnerability was discovered in the CRM's 'staff settings', specifically in the 'Profile' text box. By intercepting the POST request sent when the changes are saved, the 'lProfileCopy' parameter can be modified to include an XSS payload, bypassing the front-end filtering.
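
A server-side view of the issue described above, as an added example that is not from the original README or from Move CRM's code: the save handler validates `lProfileCopy` itself and the page encodes it at output, so a request edited after the browser-side filter has run still renders as inert text. The Python stack, the `lStaffId` field, the length limit and the sample request body are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

MAX_PROFILE_LEN = 4000  # assumed limit; the advisory gives none

# Constructed POST body: the field carries markup, as it would if the request
# were edited after the browser-side filter had already run.
# lStaffId is a hypothetical companion field.
SAMPLE_BODY = b"lStaffId=7&lProfileCopy=%3Cscript%3Ealert(1)%3C%2Fscript%3EAgent+bio"


def extract_profile(body: bytes) -> str:
    """Validate the profile field on the server; nothing from the browser is trusted."""
    fields = parse_qs(body.decode("utf-8"), keep_blank_values=True)
    values = fields.get("lProfileCopy", [])
    if len(values) != 1:
        raise ValueError("expected exactly one lProfileCopy value")
    profile = values[0]
    if len(profile) > MAX_PROFILE_LEN:
        raise ValueError("profile too long")
    if any(ord(c) < 32 and c not in "\r\n\t" for c in profile):
        raise ValueError("control characters in profile")
    return profile


def render_unsafe(profile: str) -> str:
    """Vulnerable pattern: stored text is interpolated into HTML as-is."""
    return f'<div class="profile">{profile}</div>'


def render_safe(profile: str) -> str:
    """Hardened pattern: encode for the HTML context at output time."""
    return f'<div class="profile">{html.escape(profile, quote=True)}</div>'


def demo() -> tuple[str, str]:
    stored = extract_profile(SAMPLE_BODY)  # what the database would hold
    return render_unsafe(stored), render_safe(stored)


if __name__ == "__main__":
    unsafe, safe = demo()
    print("unsafe:", unsafe)
    print("safe:  ", safe)
```

Encoding at output rather than stripping at input keeps the stored value intact and protects every page that later displays it, whichever client submitted it.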
File Snapshot

[4.0K] /data/pocs/0d2a1b2310a1b585c589a0554ddfaf7af396c7ef
└── [ 538] README.md

0 directories, 1 file