CVE-2023-5024 PoC — Planno Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
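Title: Planno Cross-Site Scripting Vulnerability (CVE-2023-5024)
Description: Planno is an AI-driven solar energy development platform from the company Planno. Planno version 23.04.04 has a cross-site scripting vulnerability, which stems from a cross-site scripting (XSS) flaw in the Comment Handler component.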
Readme
- Exploit Title: PLANNO 23.04.04 COMMENT CROSS SITE SCRIPTING
- Exploit Author: Angel Metz AKA PH03N1XSP
- Vendor Homepage: [Planno](https://www.planno.fr/)
- Software Link: [GitHub - PlanningBiblio](https://github.com/PlanningBiblio/PlanningBiblio)
- Version: <= 23.04.04
- Tested on: Linux
- CVE-2023-5024

A vulnerability has been discovered in Planno version <= 23.04.04 and has been categorized as problematic. It affects an undisclosed portion of the Comment Handler component's code and can lead to cross-site scripting (XSS) attacks. It is tracked as CVE-2023-5024. The attack can be initiated remotely, and an exploit for the vulnerability is known to exist.

## Description: PLANNO 23.04.04 COMMENT CROSS SITE SCRIPTING

### 1st Path

1. Proceed to log in using your credentials.
2. Navigate to the bottom and click on "Ajouter un commentaire."
3. Write a malicious script to obtain a Reflected XSS (`"><script>alert(1);</script>`)
4. Once the script is entered, proceed to obtain the reflected XSS.

### 2nd Path

1. Proceed to log in using your credentials.
2. Go to the upper right and click on "Enregistrer comme modele."
3. In "Nom du module," write a malicious script to obtain a Reflected XSS (`"><script>alert(1);</script>`) and then click on "Enregistrer."
4. Once the script is entered, proceed to obtain the reflected XSS.
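
Both paths rely on the same breakout: the leading `">` closes a quoted attribute before the script element starts. The following regression check is an added example, not code from Planno or from the original README; the `<input>` template and the field name `nom` are constructed for illustration, since the affected code is undisclosed. It renders the payload quoted above with and without attribute encoding and parses the result to see whether a script element appears.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the reproduction steps on this page.
PAYLOAD = '"><script>alert(1);</script>'


def render_vulnerable(value: str) -> str:
    # Constructed template (hypothetical field name "nom"):
    # user input is concatenated straight into a quoted attribute.
    return '<input type="text" name="nom" value="' + value + '">'


def render_hardened(value: str) -> str:
    # quote=True also encodes " and ', so the value cannot close the attribute.
    return '<input type="text" name="nom" value="' + escape(value, quote=True) + '">'


class TagAudit(HTMLParser):
    """Records every start tag and the value attribute of <input> elements."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_values.append(dict(attrs).get("value"))


def audit(markup: str) -> TagAudit:
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser


def injects_script(markup: str) -> bool:
    # True when the rendered markup contains a script element.
    return "script" in audit(markup).tags


if __name__ == "__main__":
    for name, render in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(name, "-> script element present:", injects_script(render(PAYLOAD)))
```

With encoding applied, the parser sees a single `<input>` whose value is the payload text verbatim, which is the property to assert for every field that echoes user input back into the page.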

You can learn more about it at the following links:

- [CVE-2023-5024 - NVD](https://nvd.nist.gov/vuln/detail/CVE-2023-5024)
- [CVE-2023-5024 - VulDB](https://vuldb.com/?id.239865)
- [CVE-2023-5024 - INCIBE](https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2023-5024)
- [CVE-2023-5024 - CVE Report](https://cve.report/CVE-2023-5024)
- [CVE-2023-5024 - Debricked](https://debricked.com/vulnerability-database/vulnerability/CVE-2023-5024)
- [CVE-2023-5024 - GitHub Advisories](https://github.com/advisories/GHSA-phww-594j-mchh)
- [CVE-2023-5024 - MITRE CVE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5024)
File Snapshot

[4.0K] /data/pocs/602f5428e89871de23c0ff7380d837cce4c1ef11
├── [1.0K] LICENSE
└── [2.0K] README.md

0 directories, 2 files