{"id":21689,"date":"2023-12-21T13:47:56","date_gmt":"2023-12-21T12:47:56","guid":{"rendered":"https:\/\/herolab.usd.de\/?page_id=21689"},"modified":"2024-01-02T10:08:55","modified_gmt":"2024-01-02T09:08:55","slug":"usd-2022-0060","status":"publish","type":"page","link":"https:\/\/herolab.usd.de\/en\/security-advisories\/usd-2022-0060\/","title":{"rendered":"usd-2022-0060"},"content":{"rendered":"<p>[et_pb_section fb_built=\"1\" _builder_version=\"4.21.0\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.21.0\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.23.1\" _module_preset=\"default\" custom_padding=\"||13px|||\" global_colors_info=\"{}\"]<\/p>\n<h1>usd-2022-0060 | Stored XSS in User ID in CPTO 6.3.8.6<\/h1>\n<h1><\/h1>\n<p><strong>Advisory ID<\/strong>: usd-2022-0060<br \/><strong>Product<\/strong>: Cash Point &amp; Transport Optimizer CPTO<br \/><strong>Affected Version<\/strong>: 6.3.8.6 (#718) 06.07.2021<br \/><strong>Vulnerability Type<\/strong>: CWE 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')<br \/><strong>Security Risk<\/strong>: Medium<br \/><strong>Vendor URL<\/strong>: <a href=\"https:\/\/www.sesami.io\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.sesami.io\/<\/a><br \/><strong>Vendor acknowledged vulnerability<\/strong>: Yes<br \/><strong>Vendor Status<\/strong>: Fixed<br \/><strong>CVE number<\/strong>: CVE-2023-31298<br \/><strong>CVE Link<\/strong>: Pending<\/p>\n<p>&nbsp;<\/p>\n<h3>Description<\/h3>\n<p>An admin user can exploit new system users or other admin users by creating a new system user and injecting JavaScript into the User ID field. The payload triggers when the new user needs to change the password upon logging in the first time. 
Furthermore, the payload triggers once the new user is logged in. Additionally, the payload triggers when a different admin user views the application log.<\/p>\n<h3>Fix<\/h3>\n<p>Users should update CPTO to its current version.<\/p>\n<p>User-supplied input should always be sanitized.<\/p>\n<h3>References<\/h3>\n<p><a href=\"https:\/\/www.owasp.org\/index.php\/Cross-site_Scripting_(XSS)\" target=\"_blank\" rel=\"noopener\">https:\/\/www.owasp.org\/index.php\/Cross-site_Scripting_(XSS)<\/a><\/p>\n<h3>Timeline<\/h3>\n<ul>\n<li><strong>2022-11-03<\/strong>: Vulnerabilities discovered by Marcus Nilsson.<\/li>\n<li><strong>2022-11-28<\/strong>: The Responsible Disclosure team tries to establish contact with the vendor for the first time.<\/li>\n<li><strong>2023-04-27<\/strong>: CVE IDs are requested and subsequently reserved.<\/li>\n<li><strong>2023-05-12<\/strong>: Trying to establish contact via phone and email has been unsuccessful; usd AG's customer notifies the team that the vulnerabilities should be fixed come autumn.<\/li>\n<li><strong>2023-11-23<\/strong>: Marcus Nilsson got in touch with the vendor; the advisories shall be published without a Proof-of-Concept of the exploits in December.<\/li>\n<li><strong>2023-12-21<\/strong>: Advisory published by usd AG.<\/li>\n<\/ul>\n<h3>Credits<\/h3>\n<p>This security vulnerability was found by Marcus Nilsson of usd AG.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>usd-2022-0060 | Stored XSS in User ID in CPTO 6.3.8.6 Advisory ID: usd-2022-0060Product: Cash Point &amp; Transport Optimizer CPTOAffected Version: 6.3.8.6 (#718) 06.07.2021Vulnerability Type: CWE 79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Security Risk: MediumVendor URL: https:\/\/www.sesami.io\/Vendor acknowledged vulnerability: YesVendor Status: FixedCVE number: CVE-2023-31298CVE Link: Pending &nbsp; Description An admin user 
[&hellip;]<\/p>\n","protected":false},"author":114,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-21689","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/114"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=21689"}],"version-history":[{"count":5,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21689\/revisions"}],"predecessor-version":[{"id":21841,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/21689\/revisions\/21841"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=21689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}