HTML injection in Title in salesagility/suitecrm

Valid

Reported on

Oct 6th 2023


Payload

                  '><h1>TEST</h1>

PoC:

 https://drive.google.com/file/d/1oCaapPW1MZ0vY5Pa1xsdNHgfPo2Ayt1E/view?usp=sharing

Impact

HTML injection.

We are processing your report and will contact the salesagility/suitecrm team within 24 hours. 4 months ago
We have contacted a member of the salesagility/suitecrm team and are waiting to hear back 4 months ago
salesagility/suitecrm maintainer
4 months ago

Maintainer


Hi nam-no,

Thank you for your Security Report.

We have raised the issue from this report with our internal security team to be confirmed.

Below is a reference of the issue raised and ID allocated:

SCRMBT-#249 – Huntr.dev: HTML injection in Title in salesagility/suitecrm

We will review the issue and confirm whether or not it is a vulnerability within SuiteCRM and meets our criteria for a Security issue. If an issue is not considered a Security issue or that it does not need to be private then we'll raise it via the GitHub bug tracker or a more appropriate place.

Thank you for your contribution to the SuiteCRM project.

Kind regards, SuiteCRM Security Team

salesagility/suitecrm maintainer has acknowledged this report 4 months ago
salesagility/suitecrm maintainer
4 months ago

Maintainer


Hi @nam-no

The Security Team has now assessed the following issue:

SCRMBT-#249 – Huntr.dev: HTML injection in Title in salesagility/suitecrm

This issue has been given a severity grading of 'Moderate'. As such we are planning to schedule the fix to address this issue into a release in the near future.

We would like to suggest a change in the CVSS rating to CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N (Medium 4.3), the following are the reasons for the change:

Attack Vector

  • Network
  • A victim must access a vulnerable system via the network.

Attack Complexity

  • Low

Privileges Required

  • Low
  • Requires an authenticated user

User Interaction

  • None

Scope

  • Unchanged
  • The vulnerability is exploited on the browser and the impact is to the user's browser.

Confidentiality Impact

  • None
  • Requires an authenticated user. Impacts the dashlet for a single user.

Integrity Impact

  • Low

Availability Impact

  • None

Once the fix is released, we aim to include your name in the release notes - giving credit for finding and reporting this issue. Please let us know if you would prefer not to be included or have a specific request on how you would like to be referenced within the release notes.

Once the issue is resolved on huntr.dev a CVE will be emitted. We will then update the release notes with this CVE.

Thank you for your assistance and contribution to the SuiteCRM product!

Kind regards, SuiteCRM Security Team

nam-no
4 months ago

Researcher


Oh, this is great. Please make a release note, credit the discovery for this incident, and assign a CVE to it. I hope to receive a response from you soon. Thank you.

Clemente Raposo modified the Severity from Medium (6.5) to Medium (4.3) 4 months ago
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Clemente Raposo validated this vulnerability 4 months ago
nam-no has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
nam-no
4 months ago

Researcher


any new update?

Clemente Raposo marked this as fixed in 7.14.2, 7.12.14, 8.4.2 with commit 54bc56 3 months ago
Clemente Raposo has been awarded the fix bounty
This vulnerability has now been published 3 months ago