CVE-2024-38527

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-38527
ZenUML is JavaScript-based diagramming tool that requires no server, using Markdown-inspired text definitions and a renderer to create and modify sequence diagrams. Markdown-based comments in the ZenUML diagram syntax are susceptible to Cross-site Scripting (XSS). The comment feature allows the user to attach small notes for reference. This feature allows the user to enter in their comment in markdown comment, allowing them to use common markdown features, such as `**` for bolded text. However, the markdown text is currently not sanitized before rendering, allowing an attacker to enter a malicious payload for the comment which leads to XSS. This puts existing applications that use ZenUML unsandboxed at risk of arbitrary JavaScript execution when rendering user-controlled diagrams. This vulnerability was patched in version 3.23.25,

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/mermaid-js/zenuml-core/commit/ad7545b33f5f27466cbf357beb65969ca1953e3c
https://github.com/mermaid-js/zenuml-core/security/advisories/GHSA-q6xv-jm4v-349h
Configurations

No configuration.

History

27 Jun 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) ZenUML es una herramienta de diagramación basada en JavaScript que no requiere servidor y utiliza definiciones de texto inspiradas en Markdown y un renderizador para crear y modificar diagramas de secuencia. Los comentarios basados en Markdown en la sintaxis del diagrama ZenUML son susceptibles a Cross-site Scripting (XSS). La función de comentarios permite al usuario adjuntar pequeñas notas como referencia. Esta función permite al usuario ingresar su comentario en un comentario de markdown, lo que le permite utilizar funciones de markdown comunes, como `**` para texto en negrita. Sin embargo, el texto de markdown actualmente no se sanitiza antes de renderizarlo, lo que permite a un atacante ingresar un payload malicioso para el comentario que conduce a XSS. Esto pone a las aplicaciones existentes que usan ZenUML sin sandbox en riesgo de ejecución arbitraria de JavaScript al representar diagramas controlados por el usuario. Esta vulnerabilidad fue parcheada en la versión 3.23.25,

26 Jun 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-06-26 20:15

Updated : 2024-06-27 12:47

NVD link : CVE-2024-38527

Mitre link : CVE-2024-38527

CVE.ORG link : CVE-2024-38527

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')