CVE-2022-34323

Severity Score

5.4

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an attacker to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Filters and Display model features (OnlineBanking > Web Monitoring > Settings > Filters / Display models). The name of a filter or a display model is interpreted as HTML and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. Another issue is present in the Notification feature (OnlineBanking > Configuration > Notifications and alerts > Alerts *). The name of an alert is interpreted as HTML, and can thus embed JavaScript code, which is executed when displayed. This is a stored XSS. (Also, an issue is present in the File download feature, accessible via /OnlineBanking/cgi/isapi.dll/DOWNLOADFRS. When requesting to show the list of downloadable files, the contents of three form fields are embedded in the JavaScript code without prior sanitization. This is essentially a self-XSS.)

Se descubrieron múltiples problemas XSS en Sage XRT Business Exchange 12.4.302 que permiten a un atacante ejecutar código JavaScript en el contexto de los navegadores de otros usuarios. El atacante debe autenticarse para acceder a las funciones vulnerables. Hay un problema presente en las funciones del modelo Filtros y Visualización (Banca en línea > Monitoreo web > Configuración > Filtros / Modelos de visualización). El nombre de un filtro o de un modelo de visualización se interpreta como HTML y, por lo tanto, puede incrustar código JavaScript, que se ejecuta cuando se muestra. Este es un XSS almacenado. Otro problema está presente en la función de Notificaciones (Banca en Línea > Configuración > Notificaciones y alertas > Alertas *). El nombre de una alerta se interpreta como HTML y, por lo tanto, puede incrustar código JavaScript, que se ejecuta cuando se muestra. Este es un XSS almacenado. (Además, existe un problema en la función de descarga de archivos, a la que se puede acceder a través de /OnlineBanking/cgi/isapi.dll/DOWNLOADFRS. Cuando se solicita mostrar la lista de archivos descargables, el contenido de tres campos del formulario se incrusta en el código JavaScript sin previo aviso. sanitización. Esto es esencialmente un auto-XSS.)

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-06-22 CVE Reserved
2023-01-01 CVE Published
2024-08-03 CVE Updated
2024-08-03 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC
https://www.synacktiv.com/sites/default/files/2022-12/sage_xrt_multiple_xss.pdf	2024-08-03

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sage Search vendor "Sage"		Sage Xrt Business Exchange Search vendor "Sage" for product "Sage Xrt Business Exchange"				12.4.302 Search vendor "Sage" for product "Sage Xrt Business Exchange" and version "12.4.302"		-		Affected