CVE-2023-33196

描述

### Summary XSS can be triggered by review volumes ### PoC 1. Access setting tab 2. Create new assets 3. In assets name inject payload: "<script>alert(1337)</script> 4. Click Utilities tab 5. Choose all volumes, or volume trigger xss 6. Click Update asset indexes. 7. Wait to assets update success. 8. Progress complete. 9. Click on review button will trigger XSS ### Root cause Function: index.php?p=admin/actions/asset-indexes/process-indexing-session&v=1680710595770 After loading completed, progess will load: "skippedEntries" and "missingEntries" These parameters is not yet filtered, I just tried "skippedEntries" but I think it will be work with "missingEntries" ### My reponse: { "session": { "id": 10, "indexedVolumes": { "6": "\"<script>alert(1337)</script>" }, "totalEntries": 2235, "processedEntries": 2235, "cacheRemoteImages": true, "listEmptyFolders": false, "isCli": false, "actionRequired": true, "dateCreated": "Apr 5, 2023, 9:03:16 AM", "skippedEntries": [ "\"<script>alert(1337)</script>/assetpreviews/Image.php", "\"<script>alert(1337)</script>/assetpreviews/Pdf.php" ], "missingEntries": { "folders": [], "files": [] }, "processIfRootEmpty": false }, "skipDialog": false } Resolved in https://github.com/craftcms/cms/commit/053d7119697e480ff81c5723bb9a33eaa49e0fc7

如何修補 CVE-2023-33196

要修補 CVE-2023-33196,請將受影響套件升級到下列已修補版本。

—升級至 4.4.7 或更新版本

CVE-2023-33196 正在被利用嗎?

低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。

受影響套件(1)

>= 4.0.0-RC1, < 4.4.7

描述

如何修補 CVE-2023-33196

CVE-2023-33196 正在被利用嗎?

受影響套件(1)

CVSS 分數

參考連結(5)