Detection Guidance

This vulnerability can be detected by testing the /msg/add endpoint for stored Cross-Site Scripting (XSS) by injecting payloads such as `<img src=x onerror="alert('xss')">` into the msgContent field and then verifying if the script executes when the message is viewed. Detection involves sending crafted HTTP POST requests to /msg/add with malicious msgContent and observing if the payload executes in the recipient's browser. Specific commands are not provided in the resources, but using tools like curl or Burp Suite to send such payloads and monitoring the response or client-side execution can help detect the vulnerability. [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include: (1) On the frontend, remove the use of the `v-html` directive and replace it with safe text interpolation (`{{ msgContent }}`) or apply whitelist-based sanitization libraries such as DOMPurify to filter out dangerous HTML tags and event handlers. Implement Content Security Policy (CSP) headers to block inline scripts. (2) On the backend, enforce authentication and authorization checks to ensure only authenticated users can insert messages, and apply server-side XSS sanitization using libraries like OWASP Java HTML Sanitizer to clean input before storing it in the database. [1]

Useful 0 Not Useful 0

Executive Summary

This vulnerability is a stored Cross Site Scripting (XSS) issue in jshERP version 3.5 and earlier. It occurs via the /msg/add endpoint, where malicious scripts can be injected and stored, potentially executed later when accessed by users.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow attackers to execute malicious scripts in the context of users' browsers, potentially leading to theft of sensitive information, session hijacking, or other malicious actions affecting users of the affected application.

Useful 0 Not Useful 0