CVE-2021-25988
Date: December 29, 2021
Overview
In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable to stored XSS (notifications section), which can be directly triggered by sending an ally request to the admin.
Details
IFme has a stored XSS vulnerability in notifications, which can be directly triggered by sending an ally request to the admin.
PoC Details
1. In the normal window, access the application by going to http://localhost:3000/users/sign_in and log in with admin creds.
2. In the incognito window, go to http://localhost:3000/users/sign_in and log in as a normal user.
3. As the normal user, go to http://localhost:3000/users/edit and change the name to the XSS payload provided below.
4. Go to http://localhost:3000/allies and search for the admin’s email address.
5. Press “Add to allies” for the admin profile.
6. In the normal window where we are logged in as admin, refresh the page and the XSS gets triggered.
PoC Code
<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>
Affected Environments
1.0.0 to v7.31.4
Prevention
Update to version v7.32
Language: Ruby
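The class of bug described above (a user-controlled display name rendered into notification HTML without output encoding), shown beside its escaped form as an added example that is not ifme's own code. The renderer functions, the notification markup and the `unexpected_tags` check are hypothetical; the sample name is the PoC string from this page.

```ruby
require "erb"

# Sample input: the display name from the PoC Code section of this page.
POC_NAME = '<IFRAME SRC="javascript:alert(document.domain);"></IFRAME>'

# Hypothetical renderer, vulnerable form: the user-controlled name is
# interpolated into the notification HTML with no output encoding, so
# markup stored in the name becomes markup in the admin's page.
def render_notification_unsafe(name, uid)
  %(<a href="/profile?uid=#{uid}">#{name} sent an ally request!</a>)
end

# Hardened form: every user-controlled value is HTML-escaped at output
# time, so the stored name is displayed as text instead of being parsed.
def render_notification_safe(name, uid)
  safe_name = ERB::Util.html_escape(name)
  safe_uid  = ERB::Util.html_escape(uid)
  %(<a href="/profile?uid=#{safe_uid}">#{safe_name} sent an ally request!</a>)
end

# Regression check for a test suite: returns the element names that
# appear in rendered HTML but are not in the template's allowlist.
# An empty array means the user-supplied value introduced no elements.
def unexpected_tags(html, allowed: %w[a])
  html.scan(/<\s*([a-zA-Z][a-zA-Z0-9]*)/).flatten.map(&:downcase).uniq - allowed
end

if __FILE__ == $PROGRAM_NAME
  puts unexpected_tags(render_notification_unsafe(POC_NAME, 1)).inspect
  puts unexpected_tags(render_notification_safe(POC_NAME, 1)).inspect
  puts render_notification_safe(POC_NAME, 1)
end
```

A check like `unexpected_tags` belongs in the view or component test for any template that prints another user's profile fields.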
Good to know:
| Base Score: | |
|---|---|
| Attack Vector (AV): | Network |
| Attack Complexity (AC): | Low |
| Privileges Required (PR): | Low |
| User Interaction (UI): | Required |
| Scope (S): | Changed |
| Confidentiality (C): | Low |
| Integrity (I): | Low |
| Availability (A): | None |

| Base Score: | |
|---|---|
| Access Vector (AV): | Network |
| Access Complexity (AC): | Medium |
| Authentication (AU): | Single |
| Confidentiality (C): | None |
| Integrity (I): | Partial |
| Availability (A): | None |