CVE-2024-37672

5.4 MEDIUM

📋 TL;DR

A cross-site scripting (XSS) vulnerability in the Tessi Docubase Document Management product allows remote attackers to inject malicious scripts via the idactivity parameter. This affects all users of Docubase 5.x versions, potentially compromising user sessions and data.

💻 Affected Systems

Products:
  • Tessi Docubase Document Management
Versions: 5.x
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface components using the idactivity parameter.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, redirect users to malicious sites, or perform actions on behalf of authenticated users, potentially leading to data theft or system compromise.

🟠 Likely Case

Session hijacking, credential theft, or defacement of the application interface through injected malicious scripts.

🟢 If Mitigated

Limited impact with proper input validation and output encoding; attackers could still inject scripts but with reduced effectiveness.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking a malicious link) but is straightforward with public proof-of-concept available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

Check vendor website for security updates or patches. Apply any available fixes following vendor documentation.

🔧 Temporary Workarounds

Input Validation and Sanitization (all)

Implement server-side validation and sanitization of the idactivity parameter to remove or encode malicious scripts.

Content Security Policy (CSP) (all)

Deploy a strict CSP header to restrict script execution sources, mitigating XSS impact.

🧯 If You Can't Patch

  • Implement a web application firewall (WAF) with XSS protection rules.
  • Disable or restrict access to vulnerable components if not essential.

🔍 How to Verify

Check if Vulnerable:

Test by injecting a script payload into the idactivity parameter and observing if it executes in the browser.

Check Version:

Check application version via admin interface or configuration files; refer to vendor documentation.

Verify Fix Applied:

Re-test with the same payload after applying fixes; ensure scripts are not executed and input is properly sanitized.

📡 Detection & Monitoring

Log Indicators:

  • Unusual or malicious strings in idactivity parameter logs, such as script tags or JavaScript code.

Network Indicators:

  • HTTP requests with suspicious payloads in the idactivity parameter.

SIEM Query:

Example: source="web_server" AND (idactivity CONTAINS "<script>" OR idactivity CONTAINS "javascript:")
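The SIEM query above only matches the literal strings "<script>" and "javascript:", so it misses URL-encoded, double-encoded or mixed-case payloads. The following added example (not part of the original advisory or of the Docubase product) is a small log scanner that extracts the idactivity parameter from access-log lines, decodes it repeatedly until it stops changing, and then applies case-insensitive rules; the log lines and the /docubase/view path are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample access-log lines (hypothetical path, not from the advisory).
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Jul/2024:10:00:01 +0000] "GET /docubase/view?idactivity=1234 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jul/2024:10:00:02 +0000] "GET /docubase/view?idactivity=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2024:10:00:03 +0000] "GET /docubase/view?idactivity=JaVaScRiPt%3Aalert(1) HTTP/1.1" 200 512',
    '10.0.0.9 - - [01/Jul/2024:10:00:04 +0000] "GET /docubase/view?idactivity=%253Cscript%253E HTTP/1.1" 200 512',
    '10.0.0.3 - - [01/Jul/2024:10:00:05 +0000] "GET /other?x=<script> HTTP/1.1" 200 512',
]

# Request line inside a combined-format log entry: "<METHOD> <target> HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Detection rules, evaluated case-insensitively on the fully decoded value.
XSS_RULES = [
    ("script_tag", re.compile(r"<\s*/?\s*script", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("event_handler", re.compile(r"\bon\w+\s*=", re.I)),
]


def decode_fully(value, max_rounds=3):
    """URL-decode until the value stops changing (catches double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def idactivity_values(line):
    """Return every idactivity value (once-decoded) found in one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    query = urlparse(match.group(1)).query
    return parse_qs(query, keep_blank_values=True).get("idactivity", [])


def scan_logs(lines):
    """Return (line_number, decoded_value, rule_name) for each suspicious value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for raw in idactivity_values(line):
            decoded = decode_fully(raw)
            for name, pattern in XSS_RULES:
                if pattern.search(decoded):
                    findings.append((number, decoded, name))
                    break
    return findings
```

Only the idactivity parameter is inspected, so the unrelated "<script>" in line 5 is not reported; widen the parameter list if other inputs are added to the detection scope.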
