\n6. Push the Create Category or Save button\n7. Access to the Categories page again and it triggers xss\n``` \n![image](https://github.com/craftcms/cms/assets/83068208/a1b2890e-731b-4fc4-b189-26591f4486fd)\n![image](https://github.com/craftcms/cms/assets/83068208/4e0f35c7-fbb0-4d38-a0b5-9e28750ff706)\n![image](https://github.com/craftcms/cms/assets/83068208/e046b9db-d83c-4f81-ad91-165c5afedeb9)\n\n#### 2. In the category edit page under the **/admin/categories/**, category title in breadcrumb list isn't sanitized and triggered xss.\n```\n1. Access to the Settings -> Categories ( /admin/settings/categories )\n2. Create new category group\n3. Access to the Categories page ( /admin/categories/ )\n4. Push the New category button\n5. Input the Title column : xss\n6. Push the Create Category or Save button\n7. Access to the Category edit page again and it triggers xss\n``` \n![image](https://github.com/craftcms/cms/assets/83068208/a1b2890e-731b-4fc4-b189-26591f4486fd)\n![image](https://github.com/craftcms/cms/assets/83068208/f7543a11-58eb-4099-9ee2-3461816c52ea)\n![image](https://github.com/craftcms/cms/assets/83068208/f01bbb80-4417-42ca-bf51-b38860f6c74a)\n\n#### 3. In the **/admin/entries** page, entry title isn't sanitized and triggered xss.\n```\n1. Access to the Settings -> Entry Types ( /admin/settings/entry-types )\n2. Create new entry type\n3. Access to the Settings -> Sections ( /admin/settings/sections )\n4. Create new section\n5. Access to the Entries page ( /admin/entries )\n6. Push the New entry button\n7. Input the Title column : xss\n8. Push the Create entry or Save button\n9. Access to the Entries page again and it triggers xss\n``` \n![image](https://github.com/craftcms/cms/assets/83068208/ba700899-947f-4421-a1b7-3f0cc2c0da30)\n![image](https://github.com/craftcms/cms/assets/83068208/b255a999-e48c-46be-b732-4482ea9cee9a)\n![image](https://github.com/craftcms/cms/assets/83068208/445d8e0c-71b6-49c7-8f4a-37541dcc9c85)\n\n#### 4. In the entry edit page under the **/admin/entries/**, entry title in breadcrumb list isn't sanitized and triggered xss.\n```\n1. Access to the Settings -> Entry Types ( /admin/settings/entry-types )\n2. Create new entry type\n3. Access to the Settings -> Sections ( /admin/settings/sections )\n4. Create new section\n5. Access to the Entries page ( /admin/entries )\n6. Push the New entry button\n7. Input the Title column : xss\n8. Push the Create entry or Save button\n9. Access to the Entriy edit page again and it triggers xss\n``` \n![image](https://github.com/craftcms/cms/assets/83068208/ba700899-947f-4421-a1b7-3f0cc2c0da30)\n![image](https://github.com/craftcms/cms/assets/83068208/a59a122b-b9e7-4695-be13-eb8a1c2d36df)\n![image](https://github.com/craftcms/cms/assets/83068208/b0d27446-7ac6-47e7-ac02-20c924698b13)\n\n#### 5. In the **/admin/myaccount** and pages under it, username or full name in breadcrumb list isn't sanitized and triggered xss.\n```\n1. Access to the My Account Page ( /admin/myaccount )\n2. Input the Full Name column : xss\n3. Push the the Save button\n4. Access to the My Account page ( /admin/myaccount ) or pages under it ( /admin/myaccount/addresses , /admin/myaccount/preferences , etc.) and it triggers xss\n``` \n![image](https://github.com/craftcms/cms/assets/83068208/3be45bdd-0757-42a8-bc5d-320ab2339fd0)\n![image](https://github.com/craftcms/cms/assets/83068208/e1be7446-1c54-42bc-af9a-a8ac81a2d7bf)\n![image](https://github.com/craftcms/cms/assets/83068208/5fa06b26-fecd-40f5-bc8b-171f881f8a2a)","inLanguage":"zh-TW","url":"https://vulnscope.dev/zh/cve/CVE-2024-45406","author":{"@type":"Organization","name":"VulnScope","url":"https://vulnscope.dev"},"publisher":{"@type":"Organization","name":"VulnScope","url":"https://vulnscope.dev"},"about":{"@type":"Thing","name":"CVE-2024-45406","identifier":"CVE-2024-45406","additionalProperty":[{"@type":"PropertyValue","name":"CVSS","value":5.5},{"@type":"PropertyValue","name":"EPSS","value":0.00305},{"@type":"PropertyValue","name":"KEV","value":false}]}}

CVE-2024-45406

Craft CMS vulnerable to stored XSS in breadcrumb list and title fields

5.5

MEDIUM

CVSS 3.1

EPSS 0.30%

描述

### Summary Multiple Stored XSS can be triggered by the breadcrumb list and title fields with user input. ### Details 1. In the **/admin/categories** page, category title isn't sanitized and triggered xss. 2. In the category edit page under the **/admin/categories/**, category title in breadcrumb list isn't sanitized and triggered xss. 3. In the **/admin/entries** page, entry title isn't sanitized and triggered xss. 4. In the entry edit page under the **/admin/entries/**, entry title in breadcrumb list isn't sanitized and triggered xss. 5. In the **/admin/myaccount** and pages under it, username or full name in breadcrumb list isn't sanitized and triggered xss. ### Impact Malicious users can tamper with the control panel. ### PoC #### 1. In the **/admin/categories** page, category title isn't sanitized and triggered xss. ``` 1. Access to the Settings -> Categories ( /admin/settings/categories ) 2. Create new category group 3. Access to the Categories page ( /admin/categories/ ) 4. Push the New category button 5. Input the Title column : xss<script>alert('xss')</script> 6. Push the Create Category or Save button 7. Access to the Categories page again and it triggers xss ``` ![image](https://github.com/craftcms/cms/assets/83068208/a1b2890e-731b-4fc4-b189-26591f4486fd) ![image](https://github.com/craftcms/cms/assets/83068208/4e0f35c7-fbb0-4d38-a0b5-9e28750ff706) ![image](https://github.com/craftcms/cms/assets/83068208/e046b9db-d83c-4f81-ad91-165c5afedeb9) #### 2. In the category edit page under the **/admin/categories/**, category title in breadcrumb list isn't sanitized and triggered xss. ``` 1. Access to the Settings -> Categories ( /admin/settings/categories ) 2. Create new category group 3. Access to the Categories page ( /admin/categories/ ) 4. Push the New category button 5. Input the Title column : xss<script>alert('xss')</script> 6. Push the Create Category or Save button 7. Access to the Category edit page again and it triggers xss ``` ![image](https://github.com/craftcms/cms/assets/83068208/a1b2890e-731b-4fc4-b189-26591f4486fd) ![image](https://github.com/craftcms/cms/assets/83068208/f7543a11-58eb-4099-9ee2-3461816c52ea) ![image](https://github.com/craftcms/cms/assets/83068208/f01bbb80-4417-42ca-bf51-b38860f6c74a) #### 3. In the **/admin/entries** page, entry title isn't sanitized and triggered xss. ``` 1. Access to the Settings -> Entry Types ( /admin/settings/entry-types ) 2. Create new entry type 3. Access to the Settings -> Sections ( /admin/settings/sections ) 4. Create new section 5. Access to the Entries page ( /admin/entries ) 6. Push the New entry button 7. Input the Title column : xss<script>alert('xss')</script> 8. Push the Create entry or Save button 9. Access to the Entries page again and it triggers xss ``` ![image](https://github.com/craftcms/cms/assets/83068208/ba700899-947f-4421-a1b7-3f0cc2c0da30) ![image](https://github.com/craftcms/cms/assets/83068208/b255a999-e48c-46be-b732-4482ea9cee9a) ![image](https://github.com/craftcms/cms/assets/83068208/445d8e0c-71b6-49c7-8f4a-37541dcc9c85) #### 4. In the entry edit page under the **/admin/entries/**, entry title in breadcrumb list isn't sanitized and triggered xss. ``` 1. Access to the Settings -> Entry Types ( /admin/settings/entry-types ) 2. Create new entry type 3. Access to the Settings -> Sections ( /admin/settings/sections ) 4. Create new section 5. Access to the Entries page ( /admin/entries ) 6. Push the New entry button 7. Input the Title column : xss<script>alert('xss')</script> 8. Push the Create entry or Save button 9. Access to the Entriy edit page again and it triggers xss ``` ![image](https://github.com/craftcms/cms/assets/83068208/ba700899-947f-4421-a1b7-3f0cc2c0da30) ![image](https://github.com/craftcms/cms/assets/83068208/a59a122b-b9e7-4695-be13-eb8a1c2d36df) ![image](https://github.com/craftcms/cms/assets/83068208/b0d27446-7ac6-47e7-ac02-20c924698b13) #### 5. In the **/admin/myaccount** and pages under it, username or full name in breadcrumb list isn't sanitized and triggered xss. ``` 1. Access to the My Account Page ( /admin/myaccount ) 2. Input the Full Name column : xss<script>alert('xss')</script> 3. Push the the Save button 4. Access to the My Account page ( /admin/myaccount ) or pages under it ( /admin/myaccount/addresses , /admin/myaccount/preferences , etc.) and it triggers xss ``` ![image](https://github.com/craftcms/cms/assets/83068208/3be45bdd-0757-42a8-bc5d-320ab2339fd0) ![image](https://github.com/craftcms/cms/assets/83068208/e1be7446-1c54-42bc-af9a-a8ac81a2d7bf) ![image](https://github.com/craftcms/cms/assets/83068208/5fa06b26-fecd-40f5-bc8b-171f881f8a2a)

來源	版本	嚴重程度	向量
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:L
osv	CVSS 3.1	MEDIUM5.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVE-2024-45406

描述

如何修補 CVE-2024-45406

CVE-2024-45406 正在被利用嗎?

受影響套件(1)

CVSS 分數

參考連結(4)