CVE-2021-33570

Sažetak

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.

Reference

https://github.com/Tridentsec-io/postbird
https://github.com/Paxa/postbird/issues/134
https://github.com/Paxa/postbird/issues/132
https://github.com/Paxa/postbird/issues/133
http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html
http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html
https://www.exploit-db.com/exploits/49910
https://tridentsec.io/blogs/postbird-cve-2021-33570/

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

03-06-2022 - 18:54

Objavljeno

25-05-2021 - 22:15