CVE-2023-31779 PoC — Wekan Cross-Site Scripting Vulnerability

Associated Vulnerability
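Title: Wekan Cross-Site Scripting Vulnerability (CVE-2023-31779)
Description: Wekan is a site-building system from the Wekan team that provides to-do list creation and time-planning features. A security vulnerability exists in Wekan v6.84. An attacker can exploit this vulnerability to insert JavaScript code.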
Readme
# CVE-2023-31779

## Stored XSS in Wekan
**Description**: A stored XSS vulnerability exists in the "Reaction to comment" feature. An attacker with user privileges on a kanban board can execute JavaScript code in the browsers of users who open a card containing the malicious reaction.

**Impact**: An attacker can steal Meteor.loginToken or change page content for phishing.

**CVSSv3.1 vector**: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (**5.4**)

**CWE**: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

**Affected Component**: `cardCommentReactions.js`

**Vendor**: Open Source kanban board [Wekan](https://github.com/wekan/wekan/). 

## Affected Product
Wekan v5.49 - v6.84

## Steps to reproduce:
1) Add a comment to a card.
2) Add any reaction to the comment and intercept the request in a proxy. Replace the default `reactionCodepoint` value with the payload `<img src=1 onerror=alert()>`.
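
Step 2 implies that the `reactionCodepoint` string from the request is stored as received and later rendered as HTML in the card view. The sketch below is an added example, not Wekan's code or its actual patch: it validates the field against an allow-list before storage and renders it through a text sink. It assumes (not confirmed by this page) that a legitimate value is a single numeric character reference such as `&#128077;`; all function names are hypothetical.

```javascript
// Added example: allow-list validation for a reaction value before it is stored.
// Assumption: a legitimate reactionCodepoint is one numeric HTML character
// reference, decimal ("&#128077;") or hex ("&#x1F44D;"), and nothing else.
const CODEPOINT_RE = /^&#(?:x([0-9a-fA-F]{1,6})|([0-9]{1,7}));$/;

// Returns the code point as a number, or null when the value must be rejected.
function parseReactionCodepoint(value) {
  if (typeof value !== 'string') return null;
  const m = CODEPOINT_RE.exec(value);
  if (!m) return null;
  const cp = m[1] !== undefined ? parseInt(m[1], 16) : parseInt(m[2], 10);
  // Reject values outside Unicode, surrogates, and the ASCII/Latin-1 range:
  // characters such as "<" (60) are never reactions.
  if (cp > 0x10ffff || (cp >= 0xd800 && cp <= 0xdfff) || cp < 0x100) return null;
  return cp;
}

// Server side: persist a canonical form rebuilt from the parsed number,
// never the string that arrived in the request.
function canonicalReaction(value) {
  const cp = parseReactionCodepoint(value);
  if (cp === null) throw new Error('Invalid reactionCodepoint');
  return `&#${cp};`;
}

// Client side: convert the stored value to the character itself and assign it
// to element.textContent, so it is never parsed as HTML even if a bad value
// was stored before validation existed. U+FFFD marks an unusable value.
function reactionText(stored) {
  const cp = parseReactionCodepoint(stored);
  return cp === null ? '\uFFFD' : String.fromCodePoint(cp);
}

// Constructed sample inputs: a legitimate reaction and the value from step 2.
const samples = ['&#128077;', '<img src=1 onerror=alert()>'];
for (const s of samples) {
  const verdict = parseReactionCodepoint(s) === null ? 'rejected' : 'accepted';
  console.log(`${JSON.stringify(s)} -> ${verdict}`);
}
```

Existing reactions stored by an affected version are not cleaned by input validation alone, which is why the render path also re-parses the value instead of trusting the database.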

## Discoverer
Alexander Starikov (Jet Infosystems, https://jet.su)

## References
- https://wekan.github.io/hall-of-fame/reactionbleed/
- https://nvd.nist.gov/vuln/detail/CVE-2023-31779