Summary
During the vulnerability analysis on Group Office I observed a Stored Cross-Site Scripting vulnerability present in version 6.8.99, where a user can
change his/her name to a malicious JavaScript payload, which is executed in History.
Details
This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored.
PoC
- Log in to the Group Office portal as a user and change your name to the payload `<img src=0xadik onerror=alert("XSS")>`.
- From another browser, log in as admin and navigate to History.
- Click the Changes column to view what changed; the malicious JavaScript code will execute.
Impact
This can lead to various security risks, including session hijacking, phishing attacks and malware distribution. The History page is visible to administrative users, and when an administrator views the infected page, the attacker may gain elevated privileges, further compromising the system.
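The History "Changes" rendering described above, as an added example that is not Group Office's code: a renderer that concatenates stored values into markup, the same renderer with output encoding, and a helper that flags already-stored entries containing HTML metacharacters. The function names and the record shape (`field: [old, new]`) are assumptions made for illustration.

```javascript
// Added example. Function names and the record shape are hypothetical,
// not taken from the Group Office code base.

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak form: stored values are concatenated into markup as-is.
function renderChangesUnsafe(changes) {
  return Object.entries(changes)
    .map(([field, [oldVal, newVal]]) => `<b>${field}</b>: ${oldVal} &rarr; ${newVal}`)
    .join("<br>");
}

// Hardened form: every stored value, including the field name, is encoded on output.
function renderChangesSafe(changes) {
  return Object.entries(changes)
    .map(([field, [oldVal, newVal]]) =>
      `<b>${escapeHtml(field)}</b>: ${escapeHtml(oldVal)} &rarr; ${escapeHtml(newVal)}`)
    .join("<br>");
}

// Triage helper: return ids of log entries whose values contain HTML
// metacharacters, so records stored before the fix can be reviewed.
function findSuspectEntries(entries) {
  return entries
    .filter((e) => Object.values(e.changes).flat()
      .some((v) => escapeHtml(v) !== String(v)))
    .map((e) => e.id);
}

// Constructed sample data; entry 2 carries the payload from the PoC above.
const sampleLog = [
  { id: 1, changes: { name: ["Alice", "Alice Smith"] } },
  { id: 2, changes: { name: ["Bob", '<img src=0xadik onerror=alert("XSS")>'] } },
];

console.log(renderChangesUnsafe(sampleLog[1].changes)); // contains a live <img> tag
console.log(renderChangesSafe(sampleLog[1].changes));   // payload shown as inert text
console.log(findSuspectEntries(sampleLog));
```

Encoding at render time protects the History view even for names that were stored before input handling was fixed.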