CVE-2021-33570 — MEDIUM (5.4)

Vulnerability Description

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Postbird Project	Postbird	0.8.4

Related Weaknesses (CWE)

CWE-79

References

http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-DataThird Party AdvisoryVDB Entry
https://github.com/Paxa/postbird/issues/132Issue TrackingThird Party Advisory
https://github.com/Paxa/postbird/issues/133Issue TrackingThird Party Advisory
https://github.com/Paxa/postbird/issues/134Issue TrackingThird Party Advisory
https://github.com/Tridentsec-io/postbirdExploitThird Party Advisory
https://tridentsec.io/blogs/postbird-cve-2021-33570/Broken LinkThird Party AdvisoryURL Repurposed
https://www.exploit-db.com/exploits/49910ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-ExploitThird Party AdvisoryVDB Entry
http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-DataThird Party AdvisoryVDB Entry
https://github.com/Paxa/postbird/issues/132Issue TrackingThird Party Advisory
https://github.com/Paxa/postbird/issues/133Issue TrackingThird Party Advisory
https://github.com/Paxa/postbird/issues/134Issue TrackingThird Party Advisory
https://github.com/Tridentsec-io/postbirdExploitThird Party Advisory
https://tridentsec.io/blogs/postbird-cve-2021-33570/Broken LinkThird Party AdvisoryURL Repurposed

FAQ

What is CVE-2021-33570?

CVE-2021-33570 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a...

How severe is CVE-2021-33570?

CVE-2021-33570 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-33570?

Check the references section above for vendor advisories and patch information. Affected products include: Postbird Project Postbird.