CVE-2024-45878
Description
The "Stammdaten" menu of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.291), in /Apps/TOPqw/qwStammdaten.aspx, is vulnerable to persistent Cross-Site Scripting (XSS).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A stored XSS vulnerability in the 'Stammdaten' menu of baltic-it TOPqw Webportal allows authenticated attackers to inject arbitrary web scripts.
Vulnerability
Overview
The 'Stammdaten' menu of baltic-it TOPqw Webportal v1.35.283.2 is vulnerable to persistent (stored) Cross-Site Scripting (XSS). The vulnerability resides in the page /Apps/TOPqw/qwStammdaten.aspx and allows an authenticated attacker to inject arbitrary JavaScript or HTML code that gets stored on the server and executed when other users view the affected page. The input validation and sanitization are insufficient, leading to the stored XSS flaw [1].
Exploitation
Prerequisites
An attacker must be authenticated to the web portal, as the 'Stammdaten' menu is part of the login-protected area. After authenticating, the attacker can inject malicious script payloads into input fields that are not properly sanitized. The script is then stored and served to other authenticated users who visit the same menu, triggering the XSS payload in their browsers [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's session. This can lead to session hijacking, exfiltration of sensitive data, defacement, or further attacks against other users. Since the portal stores sensitive personal information about citizens and confidential documents, this XSS vulnerability could be leveraged to access or manipulate such data within the authenticated session [1].
Mitigation
The vendor has addressed the vulnerability in version 1.35.291 of the web portal. Users are advised to update their installations to this fixed version or later. The vulnerability was discovered during a penetration test by G DATA ADAN and disclosed responsibly to the vendor, who promptly released a patch [1].
For the 'QWKalkulation' component, a similar stored XSS vulnerability (CVE-2024-45879) was also fixed in the same version.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =1.35.283.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.