❗Reflected XSS

Reflected XSS (authenticated)

CVE-2024-51423

Infor Global HR v11.23.03.00.21 and prior is affected by a Reflected XSS (AKA Non-Persistent or Type I) vulnerability via the {class} parameter in Error Message Rendering. Authentication is required.

Description

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Infor Global HR v11.23.03.00.21 and prior versions. This vulnerability resides in the URL endpoint responsible for handling class lists. It occurs due to inadequate sanitization and improper handling of user-supplied input in the {class} parameter of the URL, which is reflected in server-generated error messages.

When an undefined or invalid {class} value is passed through the URL, the system attempts to load a non-existent class. As a result, the server generates an error message that includes the provided input without adequate sanitization or proper encoding. Consequently, attackers can inject arbitrary HTML or JavaScript code into this parameter, which, when reflected into the error message, will execute in the context of a user's browser, leading to a cross-site scripting (XSS) vulnerability.

Exploitation

• Modify the {class} parameter in the URL to include a malicious payload, such as JavaScript or HTML code.

• Send the crafted URL to a victim via phishing, social engineering, or any other attack vector.

• When the victim navigates to the modified URL, the application reflects the malicious input directly into the error message without sufficient sanitization.

• The victim’s browser renders the injected payload in the error message, allowing arbitrary script execution within the victim's browser.

Example 1 - Simple JavaScript Alert Injection

Payload

URL Encoded Payload

PoC

Example 2 - Remote JavaScript Injection for Data Theft

Payload

URL Encoded Payload

PoC