CVE-2024-41346
📋 TL;DR
OpenFlights commit 5234b5b is vulnerable to Cross-Site Scripting (XSS) via the php/submit.php endpoint, allowing attackers to inject malicious scripts into web pages viewed by other users. This affects anyone running the vulnerable OpenFlights software, potentially compromising user sessions and data.
💻 Affected Systems
- OpenFlights
📦 What is this software?
OpenFlights by jpatokal (GitHub: jpatokal/openflights)
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deface the website.
Likely Case
Session hijacking, credential theft, or malicious content injection affecting users who visit compromised pages.
If Mitigated
Limited impact if proper input validation, output encoding, and Content Security Policy (CSP) are implemented.
🎯 Exploit Status
XSS vulnerabilities are commonly exploited; the GitHub issue provides details on the vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 36733f430b11a78404457a5dfc295ab1182292c0
Vendor Advisory: https://github.com/jpatokal/openflights/commit/36733f430b11a78404457a5dfc295ab1182292c0
Restart Required: No
Instructions:
1. Update to the latest OpenFlights version or apply commit 36733f430b11a78404457a5dfc295ab1182292c0.
2. Replace the vulnerable submit.php with the patched version.
3. Verify that no custom modifications conflict with the patch.
🔧 Temporary Workarounds
Input Validation and Sanitization
Implement server-side input validation and, above all, output encoding for user inputs handled by submit.php; input validation alone does not prevent XSS, since the value must be encoded for the context (HTML body, attribute, URL) in which it is later written to the page.
Content Security Policy (CSP)
Deploy a strict CSP header to mitigate XSS impact by restricting script execution sources, for example in an Apache .htaccess (requires mod_headers) or the equivalent for your web server:
Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
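A CSP only limits the impact of this XSS if the policy that actually reaches the browser restricts script sources. The following checker is an added example for this advisory, not OpenFlights code: it parses a Content-Security-Policy header, resolves the script-src/default-src fallback the way browsers do, and reports the source expressions that would let injected markup execute. The weak sample headers in the main block are constructed for illustration; the first one is the workaround header above.

```python
"""Check whether a Content-Security-Policy header actually restricts script sources.
Added example for this advisory, not OpenFlights code; the sample headers are constructed."""
from typing import Dict, List, Optional

HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source expressions]}.

    Directives are ';'-separated, tokens whitespace-separated, names case-insensitive.
    Browsers ignore a repeated directive, so the first occurrence wins here too."""
    policy: Dict[str, List[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def effective_script_sources(policy: Dict[str, List[str]]) -> Optional[List[str]]:
    """script-src governs script loading; when absent, browsers fall back to default-src.
    Returns None when neither is present, meaning scripts are not restricted at all."""
    if "script-src" in policy:
        return policy["script-src"]
    return policy.get("default-src")


def csp_findings(header: str) -> List[str]:
    """Return weaknesses that would let script injected through a reflected field execute."""
    sources = effective_script_sources(parse_csp(header))
    if sources is None:
        return ["no script-src or default-src: script execution is unrestricted"]
    findings: List[str] = []
    has_nonce_or_hash = any(s.startswith(HASH_OR_NONCE) for s in sources)
    # CSP3 browsers ignore 'unsafe-inline' when a nonce or hash is also listed.
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        findings.append("'unsafe-inline' allows injected <script> blocks and inline event handlers")
    if "'unsafe-eval'" in sources:
        findings.append("'unsafe-eval' lets injected strings reach eval()/Function()")
    if any(s in ("*", "http:", "https:") for s in sources):
        findings.append("wildcard or bare scheme source allows scripts from any origin")
    if "data:" in sources:
        findings.append("data: source allows attacker-supplied script via data: URLs")
    return findings


if __name__ == "__main__":
    for hdr in ("default-src 'self'; script-src 'self'",   # the workaround header above
                "default-src 'self' 'unsafe-inline'",       # constructed weak policy
                ""):                                        # no policy at all
        print(repr(hdr), "->", csp_findings(hdr) or ["ok"])
```

Run it against the header your server really sends (for example from a browser's network tab, or from the response headers of a curl request), not against the configuration file: a policy set in .htaccess is silently absent if mod_headers is not loaded or AllowOverride forbids it.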
🧯 If You Can't Patch
- Disable or restrict access to the submit.php endpoint if not essential.
- Implement a Web Application Firewall (WAF) with XSS protection rules.
🔍 How to Verify
Check if Vulnerable:
Review the submit.php file for lack of input sanitization or test with XSS payloads in user-controllable fields.
Check Version:
git merge-base --is-ancestor 36733f430b11a78404457a5dfc295ab1182292c0 HEAD && echo "fix commit present" || echo "fix commit absent"
(git log --oneline prints abbreviated hashes, so grepping it for the full 40-character hash never matches; and finding 5234b5b in the history only shows that the vulnerable commit is an ancestor, not whether the fix has been applied on top of it.)
Verify Fix Applied:
Check that commit 36733f430b11a78404457a5dfc295ab1182292c0 is applied and test with XSS payloads to confirm they are sanitized.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to submit.php with script tags or JavaScript payloads in parameters.
- Errors or warnings related to input validation in web server logs.
Network Indicators:
- HTTP requests containing malicious scripts in body or query parameters directed at submit.php.
SIEM Query:
source="web_logs" AND uri="/php/submit.php" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:")
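The SIEM query above matches the literal strings "<script>" and "javascript:", so it is case-sensitive and sees only what the log stores verbatim. As an added example (not OpenFlights code or a tool the project ships), the following scanner applies the same idea to constructed request-log lines but URL-decodes the form body before matching, matches case-insensitively, and additionally flags inline event-handler attributes, a tag-less vector the literal query misses. The log format ("ip method path status body=...") is a hypothetical one chosen for the example; adapt LINE_RE to whatever your web server or WAF actually writes.

```python
"""Scan request logs for XSS attempts against php/submit.php.
Added example, not OpenFlights code. Sample log lines are constructed, and the
line format 'ip method path status body=<urlencoded form body>' is hypothetical."""
import re
from typing import Dict, List
from urllib.parse import unquote_plus

# Constructed sample lines: benign submissions mixed with encoded and mixed-case payloads.
SAMPLE_LOG = """\
203.0.113.5 POST /php/submit.php 200 body=name=Alice&comment=Great+site
203.0.113.7 POST /php/submit.php 200 body=name=%3Cscript%3Ealert(1)%3C%2Fscript%3E&comment=hi
203.0.113.8 POST /php/submit.php 200 body=name=Bob&comment=%3CSCRIPT+src%3D%22http%3A%2F%2Fx%22%3E
203.0.113.9 POST /php/submit.php 200 body=link=JavaScript%3Aalert(1)
203.0.113.9 GET /php/submit.php 200 body=
203.0.113.10 POST /php/other.php 200 body=q=%3Cscript%3E
198.51.100.2 POST /php/submit.php 200 body=name=Carol&comment=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>\S+) (?P<path>\S+) (?P<status>\d{3}) body=(?P<body>.*)$")

# Applied to the *decoded* body, case-insensitively. The SIEM query's literal "<script>"
# misses <SCRIPT ...>, URL-encoded payloads, and attribute vectors such as onerror=.
# The event-handler pattern is a heuristic and will also fire on a field literally named e.g. "onboarding".
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
}


def decode_body(body: str) -> str:
    """Decode twice so double-encoded payloads are caught; a no-op on plain text."""
    return unquote_plus(unquote_plus(body))


def scan_log(text: str, target_path: str = "/php/submit.php") -> List[Dict[str, str]]:
    """Return one hit per log line aimed at target_path whose decoded body matches an indicator."""
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("path") != target_path:
            continue
        decoded = decode_body(m.group("body"))
        matched = sorted(name for name, rx in INDICATORS.items() if rx.search(decoded))
        if matched:
            hits.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "indicators": ",".join(matched),
                "body": decoded,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} {hit['method']} [{hit['indicators']}] {hit['body']}")
```

Feed it your real logs only if they record the POST body (a default Apache access log does not); where only the request line is logged, the same indicators can be run over the query string instead, but body-based attempts against submit.php will then be invisible and the WAF or application log is the place to look.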