CVE-2020-24912
published 2021-03-04

Priority P342 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 6.29% (92.7th percentile)

A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in profile.php via the stQuery-parameter allows unauthenticated attackers to steal sessions of authenticated users.

Affected

2 ranges
Vendor  Product  Version range  Fixed in
qcubed  qcubed  <= 3.1.1
qcubed  qcubed  >= 0 < 3.23.2

Detection & IOCs (extracted from sources)

path: /assets/_core/php/profile.php
path: /assets/php/profile.php
path: /vendor/qcubed/qcubed/assets/php/profile.php
other: intDatabaseIndex=1&StrReferrer=somethinxg&strProfileData=YToxOntpOjA7YTozOntzOjEyOiJvYmpCYWNrdHJhY2UiO2E6MTp7czo0OiJhcmdzIjthOjE6e2k6MDtzOjM6IlBXTiI7fX1zOjg6InN0clF1ZXJ5IjtzOjExMjoic2VsZWN0IHZlcnNpb24oKTsgc2VsZWN0IGNvbnZlcnRfZnJvbShkZWNvZGUoJCRQSE5qY21sd2RENWhiR1Z5ZENnbmVITnpKeWs4TDNOamNtbHdkRDRLJCQsJCRiYXNlNjQkJCksJCR1dGYtOCQkKSI7czoxMToiZGJsVGltZUluZm8iO3M6MToiMSI7fX0K=
  • Exploit sends a POST request to profile.php with a serialized/base64-encoded strProfileData payload; detect POST requests to profile.php paths containing the stQuery parameter with script injection content.
  • Successful exploitation results in the string alert('xss') reflected in the HTTP response body; monitor responses from profile.php for this pattern as a confirmation of XSS payload execution.
  • Requests use Content-Type: application/x-www-form-urlencoded; filter POST traffic to the three known profile.php paths with this content type for anomalous strProfileData values.
  • The vulnerability is triggered via the stQuery parameter inside the serialized strProfileData POST body; inspect decoded strProfileData for injected script content in the strQuery key.
  • The vulnerability affects all versions of qcubed including 3.1.1; there is no version-based exclusion for detection — all deployments should be treated as potentially vulnerable.
  • Three distinct installation path variants exist for profile.php; detection rules must cover all three paths to avoid blind spots across different deployment layouts.
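
One way to implement the checks in the bullets above, as an added example that is not taken from the advisory or the qcubed project: it filters on the three paths and the content type, decodes strProfileData, reads the length-prefixed strQuery value and looks for markup, including inside a base64 literal nested in the query. The MARKUP pattern, the function names and the sample bodies built by make_body are assumptions constructed for illustration.

```python
import base64
import re
from urllib.parse import parse_qs, quote

# The three profile.php locations listed on this page.
PROFILE_PATHS = ("/assets/_core/php/profile.php", "/assets/php/profile.php",
                 "/vendor/qcubed/qcubed/assets/php/profile.php")
# Assumption: these markers stand in for "script injection content".
MARKUP = re.compile(rb"<\s*(script|img|svg|iframe)\b|\bon\w+\s*=|javascript:", re.I)
STR_QUERY = re.compile(rb's:8:"strQuery";s:(\d+):"')  # PHP serialize() string header
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}")

def b64decode_lenient(data: bytes) -> bytes:
    """Decode base64 with missing or surplus '=' padding; b'' if undecodable."""
    data = data.rstrip(b"=")
    try:
        return base64.b64decode(data + b"=" * (-len(data) % 4))
    except ValueError:
        return b""

def inspect_request(method, path, content_type, body):
    """Return findings for one request; an empty list means nothing was flagged."""
    if method.upper() != "POST" or not path.split("?")[0].endswith(PROFILE_PATHS):
        return []
    if not content_type.lower().startswith("application/x-www-form-urlencoded"):
        return []
    findings = []
    for raw in parse_qs(body).get("strProfileData", []):
        # parse_qs turns an unescaped '+' into a space; undo that before decoding.
        profile = b64decode_lenient(raw.replace(" ", "+").encode())
        for m in STR_QUERY.finditer(profile):
            query = profile[m.end():m.end() + int(m.group(1))]  # length-prefixed value
            # Check the value itself and any base64 literal nested inside it.
            layers = [query] + [b64decode_lenient(b) for b in B64_RUN.findall(query)]
            if any(MARKUP.search(layer) for layer in layers):
                findings.append(f"{path}: markup in strQuery {query[:40]!r}")
    return findings

def make_body(str_query: str) -> str:
    """Constructed sample body: PHP-serialized profile entry, base64, urlencoded."""
    ser = f'a:1:{{i:0;a:1:{{s:8:"strQuery";s:{len(str_query)}:"{str_query}";}}}}'
    return "intDatabaseIndex=1&strProfileData=" + quote(base64.b64encode(ser.encode()))

if __name__ == "__main__":
    ct = "application/x-www-form-urlencoded"
    print(inspect_request("POST", PROFILE_PATHS[1], ct, make_body("SELECT * FROM person")))
    print(inspect_request("POST", PROFILE_PATHS[1], ct, make_body("<script>alert('xss')</script>")))
```

The same function can be fed from proxy or WAF logs that retain request bodies; a finding on a host that should not expose profile.php at all is worth triaging regardless of the payload.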

CVSS provenance

nvd  v3.1  6.1  MEDIUM  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd  v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:N