CVE-2023-48226

OpenReplay HTML Injection vulnerability

Severity Score

3.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

OpenReplay is a self-hosted session replay suite. In version 1.14.0, due to lack of validation Name field - Account Settings (for registration looks like validation is correct), a bad actor can send emails with HTML injected code to the victims. Bad actors can use this to phishing actions for example. Email is really send from OpenReplay, but bad actors can add there HTML code injected (content spoofing). Please notice that during Registration steps for FullName looks like is validated correct - can not type there, but using this kind of bypass/workaround - bad actors can achieve own goal. As of time of publication, no known fixes or workarounds are available.

OpenReplay es una suite de reproducción de sesiones autohospedada. En la versión 1.14.0, debido a la falta de validación del campo Nombre - Configuración de la Cuenta (para el registro parece que la validación es correcta), un mal actor puede enviar correos electrónicos con código HTML inyectado a las víctimas. Los malos actores pueden utilizar esto para acciones de phishing, por ejemplo. El correo electrónico en realidad se envía desde OpenReplay, pero los malos actores pueden agregar allí código HTML inyectado (suplantación de contenido). Tenga en cuenta que durante los pasos de registro, el nombre completo parece estar validado correctamente; no se puede escribir allí, pero al usar este tipo de omisión/workaround, los malos actores pueden lograr su propio objetivo. En el momento de la publicación, no hay soluciones conocidas ni workarounds disponibles.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-11-13 CVE Reserved
2023-11-21 CVE Published
2024-08-02 CVE Updated
2024-08-02 First Exploit
2024-12-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation
CWE-94: Improper Control of Generation of Code ('Code Injection')

CAPEC

References (5)

URL	Tag	Source
https://bugcrowd.com/vulnerability-rating-taxonomy	Third Party Advisory
https://capec.mitre.org/data/definitions/242.html	Technical Description
https://cwe.mitre.org/data/definitions/20.html	Technical Description
https://github.com/openreplay/openreplay/blob/main/api/chalicelib/utils/html/invitation.html#L421	Product

URL	Date	SRC
https://github.com/openreplay/openreplay/security/advisories/GHSA-xpfv-454c-3fj4	2024-08-02

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Openreplay Search vendor "Openreplay"		Openreplay Search vendor "Openreplay" for product "Openreplay"				< 1.15.0 Search vendor "Openreplay" for product "Openreplay" and version " < 1.15.0"		-		Affected