Platform: php
Component: vulnerability-research
Fixed in: 0.2.1, 0.2.2, 0.2.3
CVE-2024-13031 describes a problematic cross-site scripting (XSS) vulnerability discovered in White-Jotter, a PHP application. This vulnerability allows an attacker to inject malicious scripts into the Article Content Editor, potentially leading to unauthorized access and data compromise. The vulnerability affects versions 0.2.0 through 0.2.2, and a fix is available in version 0.2.3.
Successful exploitation of CVE-2024-13031 enables an attacker to inject arbitrary JavaScript code into the White-Jotter application. This code can then be executed in the context of a user's browser when they access a page containing the injected script. The primary impact is the potential for account takeover, where an attacker could steal session cookies and impersonate legitimate users. Further, the attacker could use the injected script to steal sensitive data displayed on the page, such as user credentials or confidential information. The attack is remotely exploitable, increasing the potential blast radius.
This vulnerability has been publicly disclosed, increasing the likelihood of exploitation. No specific KEV listing or EPSS score is currently available. Public proof-of-concept code may be available or emerge, further accelerating potential exploitation. The vulnerability was published on 2024-12-30.
Administrators and users of White-Jotter are at risk, particularly those who rely on the Article Content Editor for managing website content. Shared hosting environments where multiple users share the same White-Jotter instance are especially vulnerable, as an attacker could potentially compromise the entire hosting environment through a single vulnerable instance.
• php / web: Examine access logs for suspicious requests targeting /admin/content/editor with unusual parameters. Use grep to search for potentially malicious script tags in the Article Content Editor's output.
grep -iE '<script|%3Cscript' /var/log/apache2/access.log | grep /admin/content/editor
• php / web: Inspect the White-Jotter codebase for instances of unsanitized user input being used in the Article Content Editor. Look for missing or inadequate output encoding.
• generic web: Use curl to test the /admin/content/editor endpoint with a simple XSS payload and observe the response for signs of script execution.
curl -X POST -d '<script>alert("XSS")</script>' http://your-white-jotter-instance/admin/content/editor
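An added example (not part of the original advisory or the White-Jotter code base): a Python version of the access-log check above that percent-decodes each request target before matching, so encoded and double-encoded script markers sent to /admin/content/editor are caught. The log lines are constructed samples in Apache combined format, and the marker list is an assumed heuristic; POST bodies do not appear in access logs, so this covers only payloads carried in the URL.

```python
import re
from urllib.parse import unquote_plus

EDITOR_PATH = "/admin/content/editor"  # endpoint named on this page
# Apache combined log format: capture the method and the request target
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Heuristic markers of script injection (assumed list, tune for your site)
MARKERS = re.compile(
    r"<\s*script|javascript:|\bon(error|load|click|mouseover|focus)\s*=|<\s*(img|svg|iframe)\b",
    re.I,
)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan(lines):
    """Return (line_number, method, decoded_target) for suspicious editor requests."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = fully_decode(match.group("target"))
        if EDITOR_PATH in target and MARKERS.search(target):
            hits.append((number, match.group("method"), target))
    return hits


# Constructed sample lines (not real traffic); 203.0.113.0/24 is a documentation range
SAMPLE_LOG = [
    '203.0.113.5 - - [30/Dec/2024:10:00:01 +0000] "GET /admin/content/editor?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [30/Dec/2024:10:00:07 +0000] "GET /admin/content/editor?title=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '203.0.113.9 - - [30/Dec/2024:10:00:09 +0000] "GET /admin/content/editor?title=%253Cimg%2520src%253Dx%2520onerror%253Dalert(1)%253E HTTP/1.1" 200 498 "-" "curl/8.5.0"',
    '203.0.113.7 - - [30/Dec/2024:10:00:12 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 404 120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, method, target in scan(SAMPLE_LOG):
        print(f"line {number}: {method} {target}")
```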
Exploit status
EPSS: 0.11% (percentile 30%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-13031 is to upgrade White-Jotter to version 0.2.3 or later, which contains the fix for this vulnerability. If upgrading is not immediately feasible, consider implementing input validation and output encoding on the Article Content Editor to sanitize user-supplied data. While not a complete solution, this can reduce the attack surface. Reviewing and restricting access to the /admin/content/editor endpoint can also limit potential exposure. After upgrading, confirm the vulnerability is resolved by attempting to inject a simple script through the Article Content Editor and verifying that it is not executed.
Upgrade White-Jotter to a version later than 0.2.2, if one exists, that fixes the cross-site scripting (XSS) vulnerability. If no such version is available, consider disabling or removing the Article Content Editor component until a fix is published. Inspect and sanitize user input in the content editor to prevent the injection of malicious code.
CVE-2024-13031 is a cross-site scripting (XSS) vulnerability affecting White-Jotter versions 0.2.0 through 0.2.2, allowing attackers to inject malicious scripts.
You are affected if you are using White-Jotter versions 0.2.0, 0.2.1, or 0.2.2. Upgrade to 0.2.3 or later to mitigate the risk.
Upgrade White-Jotter to version 0.2.3 or later. As a temporary measure, implement input validation and output encoding on the Article Content Editor.
While no active exploitation has been confirmed, the vulnerability has been publicly disclosed, increasing the risk of exploitation.
Refer to the White-Jotter project's official website or repository for the latest security advisories and updates.