CVE-2022-42001: The BlueSpiceBookshelf extension allows a user with a regular account and edit permissions to inject arbitrary HTML.

XSS is a type of security vulnerability that allows a user with limited permissions to inject script code or data into the application's script source.
Malicious users can exploit XSS to inject script code into the application's domain. The BlueSpiceBookshelf extension is vulnerable to XSS due to insufficient input validation: any user with edit permissions can create arbitrary script code and inject it into the application's script source. A malicious user with edit permissions can perform XSS at X-XSS-LOCATION to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via the query string. A user with edit permissions can perform XSS at X-XSS-INJECT to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via POST data. A user with edit permissions can perform XSS at X-XSS-HREF to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via the URL. An attacker can perform XSS at X-XSS-CODE to inject script code into the application's script source

How Does XSS Work?

XSS is a type of security vulnerability that allows a user with limited permissions to inject script code or data into the application's script source. Any user with edit permissions can inject arbitrary script code into the application's script source. If the X-XSS-CODE input parameter is not filtered, a malicious user can perform XSS at that location to inject script code into the application's script source.
A malicious user with edit permissions can perform XSS at X-XSS-LOCATION to inject script code into the application's script source. A malicious user with edit permissions can perform XSS at X-XSS-HREF to inject script code into the application's script source. A malicious user with edit permissions can perform XSS at a URL via the HREF parameter in HTTP request and response header fields. An attacker can perform an arbitrary injection by specifying multiple input parameters through POST data and the URL query string, which leads to full access to the data and arbitrary injection of HTML/JavaScript content.

Description of CVE-2022-42001

BlueSpiceBookshelf is vulnerable to XSS due to insufficient input validation. Any user with edit permissions can inject arbitrary script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via the query string. A malicious user with edit permissions can perform XSS at X-XSS-LOCATION to inject script code into the application's script source.

XSS Methodology

To exploit XSS, a malicious user must inject script code into the application's script source. The injection can be performed in different ways.

Vulnerability details

Malicious users can exploit the XSS vulnerability to inject script code into the application's domain.
A malicious user with edit permissions can perform XSS at X-XSS-LOCATION to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via the query string.
A user with edit permissions can perform XSS at X-XSS-INJECT to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via POST data.
A user with edit permissions can perform XSS at X-XSS-HREF to inject script code into the application's script source. Due to the nature of the XSS, the injected script code has full access to the application's data via the URL.
