Vulnerability Details : CVE-2022-23475
daloRADIUS is an open source RADIUS web management application. daloRadius 1.3 and prior are vulnerable to a combination cross site scripting (XSS) and cross site request forgery (CSRF) vulnerability which leads to account takeover in the mng-del.php file because of an unescaped variable reflected in the DOM on line 116. This issue has been addressed in commit `ec3b4a419e`. Users are advised to manually apply the commit in order to mitigate this issue. Users may also mitigate this issue with in two parts 1) The CSRF vulnerability can be mitigated by making the daloRadius session cookie to samesite=Lax or by the implimentation of a CSRF token in all forms. 2) The XSS vulnerability may be mitigated by escaping it or by introducing a Content-Security policy.
Vulnerability category: Cross site scripting (XSS)Cross-site request forgery (CSRF)
Products affected by CVE-2022-23475
- cpe:2.3:a:daloradius:daloradius:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23475
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23475
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2022-23475
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: security-advisories@github.com (Primary)
-
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-23475
-
https://github.com/lirantal/daloradius/commit/ec3b4a419e20540cf28ce60e48998b893e3f1dea
Improvements to PDF ticket printing and security issues fix/mitigatio… · lirantal/daloradius@ec3b4a4 · GitHubPatch;Third Party Advisory
-
https://github.com/lirantal/daloradius/security/advisories/GHSA-c9xx-6mvw-9v84
dalorRadius XXS+CSRF to Full Account Take over · Advisory · lirantal/daloradius · GitHubExploit;Third Party Advisory
Jump to