CVE-2023-31779 PoC — Wekan 跨站脚本漏洞

Source

https://github.com/jet-pentest/CVE-2023-31779

Associated Vulnerability

Title:Wekan 跨站脚本漏洞 (CVE-2023-31779)
Description:Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). An attacker with user privilege on kanban board can insert JavaScript code in in "Reaction to comment" feature.

Readme

# CVE-2023-31779

## Stored XSS in Wekan
**Description**: Stored XSS vulnerability exists in the "Reaction to comment" feature. An attacker with user privilege on kanban board can execute JavaScript code in the browsers of users who open card with malicious reaction. 

**Impact**: An attacker can steal Meteor.loginToken or change page content for phishing.

**CVSSv3.1 vector**: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (**5.4**)

**CWE**: CWE-79: Improper Neutralization of Input During WebPage Generation ('Cross-site Scripting')

**Affected Component**: `cardCommentReactions.js`

**Vendor**: Open Source kanban board [Wekan](https://github.com/wekan/wekan/). 

## Affected Product
Wekan v5.49 - v6.84

## Steps to reproduce:
1) Add a comment in card:
2) Add any reaction on comment and intercept this request in Proxy. Replace the default `reactionCodepoint` value on payload: `<img src=1 onerror=alert()>`:

## Discoverer
Alexander Starikov (Jet Infosystems, https://jet.su)

## References
- https://wekan.github.io/hall-of-fame/reactionbleed/
- https://nvd.nist.gov/vuln/detail/CVE-2023-31779

File Snapshot


 [4.0K]  /data/pocs/eae6753f1ee2e3ed222a851436e954428e10a354
└── [1.1K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!