Teedy v1.11 - Stored cross-site scripting (XSS)
5,7
Medium
Discovered by
Offensive Team, Fluid Attacks
Summary
Full name
Teedy v1.11 - Stored cross-site scripting (XSS)
Code name
State
Public
Release date
25 de set. de 2023
Affected product
Teedy
Affected version(s)
Version 1.11
Vulnerability name
Stored cross-site scripting (XSS)
Vulnerability type
Remotely exploitable
Yes
CVSS v3.1 vector string
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
CVSS v3.1 base score
5.7
Exploit available
Yes
CVE ID(s)
Description
Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp.
Vulnerability
A Stored cross-site scripting (XSS) vulnerability was identified in Teedy v1.11, which can allow an attacker to steal data such as session cookies or even steal private documents from other users. This vulnerability can be exploited in case a user wants to modify the malicious document created by the attacker.
Exploitation
To exploit this vulnerability go to Home -> Add a document -> Edit -> Save -> Edit the created document (this is where the XSS is executed).
It should be clarified that the attacker needs access to the platform in order to exploit this vulnerability. This would be an example of a functional payload:
This payload only retrieves the user's cookie and displays it on the screen, but an attacker could send it to a remote server to steal another user's session.
Our security policy
We have reserved the ID CVE-2023-4892 to refer to this issue from now on. Disclosure policy
System Information
Version: Teedy v1.11 (2023-03-12)
Operating System: MacOS
Mitigation
An updated version of Teedy is available at the vendor page.
References
Vendor page https://teedy.io
Timeline
Vulnerability discovered
11 de set. de 2023
Vendor contacted
12 de set. de 2023
Public disclosure
25 de set. de 2023
