IsarFlow stored cross-site scripting vulnerability
Stored Cross-site Scripting
A stored cross-site scripting vulnerability was found in the IsarFlow software version 5.23 (or earlier) of IsarNet Software Solutions GmbH. We have reported this vulnerability to the software vendor, who immediately addressed the issue and fixed the vulnerability in versions 5.25.14 and 5.26.4.
The dashboard title is not encoded properly in all places and is susceptible to stored cross-site scripting.
Additionally, the “User dashboard” menu provides an admin with the ability to browse and edit all user generated dashboards. This view does also not encode the dashboard title, resulting in the executing of the payload and can therefore be used to target higher privileged user accounts.
To exploit the vulnerability, an attacker needs access to the application.
Max Maier (mgm security partners), Benedikt Haußner (mgm security partners)