Lucene search

GoogleOSV:GHSA-7J9H-CH38-474R

HistoryDec 21, 2023 - 3:30 p.m.

Stored Cross-site scripting affecting automad/automad

2023-12-2115:30:33

Google

osv.dev

stored cross-site scripting

automad

version 1.10.9

sharedcontroller

sitename argument

client side

remote attack

public exploit

software

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.0%

JSON

automad up to 1.10.9 is vulnerable to stored cross-site scripting in the sitename argument because the SharedController class that handles form data and saving shared information does not properly sanitize the user input on the client side when rendering the data. The attack may be launched remotely and an exploit has been disclosed publicly.

References

github.com/marcantondahmen/automad

github.com/screetsec/VDD/tree/main/Automad%20CMS/Stored%20Cross%20Site%20Scripting%20(XSS)

nvd.nist.gov/vuln/detail/CVE-2023-7035

vuldb.com/?ctiid.248684

vuldb.com/?id.248684

CVSS2

3.3

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:M/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

20.0%

JSON

Related for OSV:GHSA-7J9H-CH38-474R