# CVE-2023-33829: Stored-XSS-on-SCM-Manager-1.60

## Summary

A vulnerability is discovered in the SCM Manager 1.2 <= 1.60 version that allows an attackers previously authenticated with write permissions execute javascript code in specific fields.

This Proof of Concept is maded in a local environment deploying a SCM Manager 1.60 using docker

### CVE published:


## Requirements

1 - Git clone the repository
2 - Make sure that you are into the repository
3 - pip3 install -r requirements.txt
4 - python3 -h

## Installing SCM Manager 1.60

Copy and paste this bash script in a file, bring execution permissions and execute the file:


mkdir /var/lib/scm
chown 1000:1000 /var/lib/scm
docker run -v /var/lib/scm:/var/lib/scm -p 8080:8080 sdorra/scm-manager

The script is created by sdorra, here is the oficial link:

NOTE: You need to have installed docker previously.

Once you have installed the SCM Manager 1.60, it will request you a username and a password:

Username : scmadmin
Password: scmadmin

Proof of Concept:


2- Create a new repository with whatever type but in the **Description** field is the vulnerable, so let's inject the payload and it will be triggered:


3- Create a new user and the specific vulnerable field is **Display Name**, so inject the payload introduced before:


4- Create a new group and the specific vulnerable field is **Description**, so inject our payload:


PAYLOAD USED: ``` <img src=x onerror=alert(1)> ```

## FIX
New Versions of the SCM Manager are fixed.