VYPR
Unrated severity · NVD Advisory · Published Sep 25, 2020 · Updated Aug 4, 2024

CVE-2020-25148

Description

An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /iftype/type= because of pages/iftype.inc.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Observium Professional, Enterprise & Community 20.8.10631 is vulnerable to stored XSS via the type parameter of the iftype page (/iftype/type=).

Vulnerability

Observium Professional, Enterprise & Community version 20.8.10631 is vulnerable to stored Cross-Site Scripting (XSS) in the iftype page. The vulnerability lies in pages/iftype.inc.php, where the type parameter is not properly sanitized, allowing an attacker to inject arbitrary JavaScript. The injected script is stored and executed when other users access the affected page [1].

Exploitation

An unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to /iftype/type=<malicious_payload>. For example, the payload %3Csvg%20onload=alert(1)%3E triggers an alert on page load. The injected script is stored in the application and executed in the browsers of any user visiting the iftype page [1].

Impact

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, theft of sensitive data, or defacement of the application. The attack does not require authentication, increasing its severity [1].

Mitigation

As of the publication date (2020-09-25), no official patch has been released. Users should implement input validation and output encoding for the type parameter, or restrict access to the vulnerable page until a fix is provided. Monitoring for suspicious requests to /iftype/ is recommended [1].
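Added example, not Observium's code (the record does not reproduce pages/iftype.inc.php): a hypothetical PHP fragment that places the unsafe echo the advisory describes beside the validate-then-encode handling the mitigation recommends. It assumes the type value arrives as a plain string; the interface-type list is a constructed sample.

```php
<?php
// Constructed sample of acceptable interface-type names (not Observium's real table).
const KNOWN_IFTYPES = ['ethernetCsmacd', 'softwareLoopback', 'propVirtual', 'tunnel'];

// Vulnerable pattern: the request value is concatenated into HTML unchanged, so a
// value such as <svg onload=alert(1)> becomes live markup for every viewer.
function render_iftype_title_unsafe(string $type): string
{
    return '<h2>Interface type: ' . $type . '</h2>';
}

// Hardened pattern: allow-list the input, then encode it for the HTML context.
function render_iftype_title_safe(string $type): string
{
    // 1. Input validation: only known interface-type names are meaningful, so any
    //    other value is rejected before it reaches the template at all.
    if (!in_array($type, KNOWN_IFTYPES, true)) {
        return '<h2>Unknown interface type</h2>';
    }
    // 2. Output encoding: encode even validated values, so a later change to the
    //    allow-list cannot silently reintroduce the injection.
    $encoded = htmlspecialchars($type, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<h2>Interface type: ' . $encoded . '</h2>';
}

// Demonstration with the payload quoted in the advisory, URL-decoded as a browser would send it.
$payload = rawurldecode('%3Csvg%20onload=alert(1)%3E');
echo render_iftype_title_unsafe($payload), PHP_EOL;   // markup survives intact
echo render_iftype_title_safe($payload), PHP_EOL;     // rejected by the allow-list
echo render_iftype_title_safe('ethernetCsmacd'), PHP_EOL;
// Encoding alone (no allow-list) still neutralises the markup: &lt;svg onload=alert(1)&gt;
echo htmlspecialchars($payload, ENT_QUOTES | ENT_HTML5, 'UTF-8'), PHP_EOL;
```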

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

  • Observium / Observium Professional, Enterprise & Community
  • Range: =20.8.10631

Patches


No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References


News mentions


No linked articles in our index yet.