Platform
other
Component
fluig-platform
Fixed in
1.6.1
1.7.1
1.8.1
1.8.2
CVE-2023-6275 is a cross-site scripting (XSS) vulnerability affecting TOTVS Fluig Platform versions up to and including 1.8.1. It allows an attacker to inject script into web pages viewed by other users of the platform, potentially leading to session hijacking or defacement. The flaw resides in the /mobileredir/openApp.jsp file and is triggered by manipulating the redirectUrl or user parameter. Affected users should upgrade to version 1.7.1-231128, 1.8.0-231127, or 1.8.1-231127.
Successful exploitation of CVE-2023-6275 lets an attacker execute arbitrary JavaScript within the context of a user's browser session on the Fluig Platform. Possible consequences include theft of session cookies (unless they are marked HttpOnly), performing actions as the victim, redirecting users to phishing sites, or modifying page content. The impact is particularly severe where Fluig manages sensitive documents or critical business processes, since an attacker could gain unauthorized access to that information through the victim's session. Because the payload is carried in a request parameter, exploitation typically requires a victim to open a crafted link while authenticated, but the attack can be launched remotely by anyone who can reach the platform, which makes any internet-exposed instance a target.
CVE-2023-6275 was published on 2023-11-24 and has been publicly disclosed; a proof-of-concept may be available. Although the CVSS score is LOW, the ease of exploitation and the EPSS score of 52.49% (98th percentile) warrant prompt attention. There is no indication of active exploitation campaigns at this time, but public disclosure increases the risk of opportunistic attacks.
Organizations using TOTVS Fluig Platform for workflow automation, document management, or other business processes are at risk. Deployments on unpatched versions (1.8.1 and earlier) that are reachable from the internet, and those with limited security controls or monitoring, are particularly exposed. Shared environments where multiple tenants use the same Fluig Platform instance are also at increased risk, since an XSS in the shared origin affects every tenant's users.
• generic web (send the payload and check whether it comes back unencoded in the response body; a HEAD request with -I only fetches headers and can never show the reflection):
curl -s -G --data-urlencode 'redirectUrl=<script>alert(document.domain)</script>' 'https://<fluig_platform_url>/mobileredir/openApp.jsp' | grep -i '<script>alert(document.domain)</script>'
• generic web (access logs record the request URI as sent, usually percent-encoded, so match both the raw and the encoded form and cover both parameters named in the advisory; adjust the log path to the web or application server actually in front of Fluig):
grep -iE 'openApp\.jsp.*(redirectUrl|user)=.*(<script|%3Cscript)' /var/log/apache2/access.log
• generic web:
grep -iE '<script|%3Cscript' /var/log/apache2/error.log
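The one-liners above only catch the literal alert(document.domain) string. The following script, added here as an illustration and not part of the advisory or of any TOTVS tooling, applies the same idea more robustly to access-log lines: it isolates requests to /mobileredir/openApp.jsp, parses the two parameters the advisory names (redirectUrl and user), percent-decodes them repeatedly so double-encoded probes are not missed, and flags values that look like HTML or JavaScript injection. The log lines are constructed for the example (NCSA combined format); real Fluig deployments may log in a different format, so adapt REQUEST_RE accordingly.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (NCSA combined format) for this example;
# they are not real Fluig logs. Lines 2-4 carry XSS probes against the two
# parameters named in the advisory; line 4 is double URL-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Nov/2023:10:01:02 -0300] "GET /mobileredir/openApp.jsp?redirectUrl=%2Fportal%2Fhome&user=jdoe HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [24/Nov/2023:10:03:11 -0300] "GET /mobileredir/openApp.jsp?redirectUrl=%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E HTTP/1.1" 200 640 "-" "curl/8.4.0"
10.0.0.9 - - [24/Nov/2023:10:03:40 -0300] "GET /mobileredir/openApp.jsp?user=%22%3E%3Cimg%20src%3Dx%20onerror%3Dalert(1)%3E HTTP/1.1" 200 640 "-" "curl/8.4.0"
10.0.0.9 - - [24/Nov/2023:10:04:01 -0300] "GET /mobileredir/openApp.jsp?redirectUrl=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200 640 "-" "curl/8.4.0"
10.0.0.7 - - [24/Nov/2023:10:05:00 -0300] "GET /portal/p/1/home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# Request line inside the quoted part of a combined-format entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The two parameters the advisory names as injection points.
SUSPECT_PARAMS = ("redirectUrl", "user")
# Heuristic markers of HTML/JS injection: a tag opener, a javascript: URL,
# or an on*= event handler. Tune for your traffic; "onboarding=" would match.
XSS_RE = re.compile(r"<\s*/?\s*[a-z!]|javascript\s*:|\bon[a-z]+\s*=", re.IGNORECASE)


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded probes are not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_openapp_xss(log_text):
    """Return one dict per suspicious parameter value aimed at openApp.jsp."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.lower().endswith("/mobileredir/openapp.jsp"):
            continue
        # parse_qs performs one round of decoding; fully_decode handles the rest.
        params = parse_qs(parts.query, keep_blank_values=True)
        for name in SUSPECT_PARAMS:
            for raw in params.get(name, []):
                decoded = fully_decode(raw)
                if XSS_RE.search(decoded):
                    hits.append({
                        "line": lineno,
                        "client": line.split(" ", 1)[0],
                        "param": name,
                        "payload": decoded,
                    })
    return hits


if __name__ == "__main__":
    for hit in find_openapp_xss(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['client']} {hit['param']}={hit['payload']!r}")
```

Run against the constructed sample, the script reports lines 2, 3 and 4 and ignores the legitimate request on line 1; a 200 response to such a probe on an unpatched build is a strong indicator that someone has tested the flaw against the instance.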
Exploit status
EPSS
52.49% (98th percentile)
CVSS vector
The primary mitigation for CVE-2023-6275 is to upgrade to a patched version of TOTVS Fluig Platform: 1.7.1-231128, 1.8.0-231127, or 1.8.1-231127. If upgrading immediately is not possible, reduce exposure in the meantime: restrict the redirectUrl parameter to an allow-list of same-site paths or known hosts, and encode both redirectUrl and user for the context in which they are rendered (HTML entity encoding in markup, JavaScript string escaping inside script). A web application firewall (WAF) with XSS rules adds a layer of defense, but signature matching is routinely bypassed with encoding variants, so treat it as a stopgap rather than a fix. Review and sanitize all user-supplied input before rendering it in web pages. After upgrading, confirm the fix by sending the original payload to /mobileredir/openApp.jsp and verifying that it is returned encoded or rejected rather than executed.
Upgrade to version 1.7.1-231128, 1.8.0-231127 or 1.8.1-231127, or to a later version. These versions contain the fix for the XSS vulnerability. Updating the affected component as soon as possible is recommended.
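To make the interim hardening concrete, here is an added example (not TOTVS code; the real openApp.jsp is not published here, and how it uses the two parameters is an assumption for illustration) written in Python to mirror the server-side logic a JSP redirector would need. It shows the unsafe pattern, untrusted parameters dropped straight into HTML and into a JavaScript string, beside a hardened version that first validates redirectUrl against an allow-list of same-site paths and known hosts and then encodes each value for the context it lands in. ALLOWED_HOSTS and DEFAULT_TARGET are assumed values for the example.

```python
import html
import json
from urllib.parse import urlsplit

# Assumptions for this example: the redirector is allowed to send users to
# same-site paths or to these hosts, and falls back to DEFAULT_TARGET otherwise.
ALLOWED_HOSTS = {"fluig.example.com"}
DEFAULT_TARGET = "/portal/home"


def render_vulnerable(redirect_url, user):
    """Deliberately unsafe: both parameters are interpolated verbatim into
    HTML and into a JavaScript string, so a value such as
    </script><script>alert(document.domain)</script> runs in the victim's browser."""
    return (
        "<html><body>"
        f"<p>Opening app for {user}...</p>"
        f"<script>window.location = '{redirect_url}';</script>"
        "</body></html>"
    )


def validate_redirect_url(candidate):
    """Return candidate if it is an acceptable redirect target, else None.

    Accepted: a same-site relative path starting with a single '/', or an
    https URL whose host is on the allow-list. Rejected: empty values,
    scheme-relative '//host', backslash tricks, javascript:/data: URLs,
    control characters, whitespace, and raw <>"' (never valid in a URL).
    """
    if not candidate:
        return None
    if any(ord(c) <= 0x20 or ord(c) == 0x7F or c in '<>"\'' for c in candidate):
        return None
    if candidate.startswith("/") and not candidate.startswith(("//", "/\\")):
        return candidate
    parts = urlsplit(candidate)
    if parts.scheme.lower() == "https" and parts.hostname in ALLOWED_HOSTS:
        return candidate
    return None


def render_hardened(redirect_url, user):
    """Validate first, then encode each value for the context it lands in."""
    target = validate_redirect_url(redirect_url) or DEFAULT_TARGET
    # HTML text context: entity-encode.
    safe_user = html.escape(user or "", quote=True)
    # JavaScript string context: JSON-encode, and break up "</" so the
    # string can never terminate the enclosing <script> element.
    js_target = json.dumps(target).replace("</", "<\\/")
    return (
        "<html><body>"
        f"<p>Opening app for {safe_user}...</p>"
        f"<script>window.location = {js_target};</script>"
        "</body></html>"
    )
```

The order matters: validation rejects open-redirect targets that encoding alone would leave intact (a perfectly encoded https://evil.example still sends the user away), while context-specific encoding protects the values that pass validation, such as a user name containing angle brackets, from being interpreted as markup.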
CVE-2023-6275 is a cross-site scripting (XSS) vulnerability in TOTVS Fluig Platform versions up to 1.8.1, allowing attackers to inject malicious scripts.
If you are using TOTVS Fluig Platform version 1.8.1 or earlier, you are potentially affected by this vulnerability.
Upgrade to version 1.7.1-231128, 1.8.0-231127, or 1.8.1-231127 to address the vulnerability.
While there's no confirmed active exploitation, the public disclosure increases the risk of opportunistic attacks.
Refer to the official TOTVS security advisory for detailed information and updates regarding CVE-2023-6275.