CVE-2023-33196
published 2023-05-26CVE-2023-33196: Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version…
PriorityP422medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
EPSS
0.65%
46.6th percentile
Craft is a CMS for creating custom digital experiences. Cross site scripting (XSS) can be triggered by review volumes. This issue has been fixed in version 4.4.7.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| craftcms | cms | — | — |
| craftcms | cms | >= 4.0.0-RC1 < 4.4.7 | 4.4.7 |
| craftcms | craft_cms | — | — |
| craftcms | craft_cms | >= 4.0.1 < 4.4.7 | 4.4.7 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Craft CMS stored XSS in review volume
ghsa·2023-05-26
CVE-2023-33196 [MEDIUM] CWE-79 Craft CMS stored XSS in review volume
Craft CMS stored XSS in review volume
### Summary
XSS can be triggered by review volumes
### PoC
1. Access setting tab
2. Create new assets
3. In assets name inject payload: "alert(1337)
4. Click Utilities tab
5. Choose all volumes, or volume trigger xss
6. Click Update asset indexes.
7. Wait to assets update success.
8. Progress complete.
9. Click on review button will trigger XSS
### Root cause
Function: index.php?p=admin/actions/asset-indexes/process-indexing-session&v=1680710595770
After loading completed, progess will load:
"skippedEntries"
and
"missingEntries"
These parameters is not yet filtered, I just tried "skippedEntries" but I think it will be work with "missingEntries"
### My reponse:
{
"session": {
"id": 10,
"indexedVolumes": {
"6": "\"alert(1337)"
},
"totalEntries": 223
OSV
Craft CMS stored XSS in review volume
osv·2023-05-26
CVE-2023-33196 [MEDIUM] Craft CMS stored XSS in review volume
Craft CMS stored XSS in review volume
### Summary
XSS can be triggered by review volumes
### PoC
1. Access setting tab
2. Create new assets
3. In assets name inject payload: "alert(1337)
4. Click Utilities tab
5. Choose all volumes, or volume trigger xss
6. Click Update asset indexes.
7. Wait to assets update success.
8. Progress complete.
9. Click on review button will trigger XSS
### Root cause
Function: index.php?p=admin/actions/asset-indexes/process-indexing-session&v=1680710595770
After loading completed, progess will load:
"skippedEntries"
and
"missingEntries"
These parameters is not yet filtered, I just tried "skippedEntries" but I think it will be work with "missingEntries"
### My reponse:
{
"session": {
"id": 10,
"indexedVolumes": {
"6": "\"alert(1337)"
},
"totalEntries": 223
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7https://github.com/craftcms/cms/releases/tag/4.4.7https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7https://github.com/craftcms/cms/releases/tag/4.4.7https://github.com/craftcms/cms/security/advisories/GHSA-cjmm-x9x9-m2w5
2023-05-26
Published