Crater
Monthly
Cross-site scripting in Crater invoice application (up to v6.0.6) allows an authenticated attacker to inject malicious script payloads via the invoice notes field, executing in the browser of any user who subsequently views the crafted invoice. The vulnerable function getFormattedString in app/Http/Requests/InvoicesRequest.php performs insufficient neutralization of the notes argument, classified under CWE-79. A public proof-of-concept exploit exists; no vendor patch has been released as the project has not responded to the coordinated disclosure made via GitHub issue #1327.
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Cross-site scripting in Crater invoice application (up to v6.0.6) allows an authenticated attacker to inject malicious script payloads via the invoice notes field, executing in the browser of any user who subsequently views the crafted invoice. The vulnerable function getFormattedString in app/Http/Requests/InvoicesRequest.php performs insufficient neutralization of the notes argument, classified under CWE-79. A public proof-of-concept exploit exists; no vendor patch has been released as the project has not responded to the coordinated disclosure made via GitHub issue #1327.
/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Insecure deserialization of not validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.