Security Issue -Stored XSS (markdown) #35

Closed
alestorm980 opened this issue Feb 7, 2022 · 1 comment
Labels
bug Something isn't working

Comments

@alestorm980

Hi, I am a security researcher at Fluid Attacks; our security team found a security issue in PeteReport version 0.5.

Attached below are the links to our responsible disclosure policy.

Bug description

PeteReport version 0.5 allows an authenticated admin user to inject persistent JavaScript code into the markdown descriptions while creating a product, report or finding.

CVSSv3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

CVSSv3 Base Score: 4.8

Steps to reproduce

  1. Click on 'Add Product'.
  2. Insert the following PoC inside the product description: `[XSS](javascript:alert(1))`
  3. Click on 'Save Product'.
  4. If a user visits the product and clicks on the link in the description, the JavaScript code will be executed.

Screenshots and files

[screenshot: xss]

[screenshot: xss_template]

System Information

  • Version: PeteReport Version 0.5.
  • Operating System: Docker.
  • Web Server: nginx.
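An added example (not part of this issue or of the PeteReport code) of the defensive check a fix for this class of bug needs: a link-destination allowlist that rejects `javascript:` and `data:` URIs, including mixed-case and control-character variants, applied to markdown links before they are rendered. `ALLOWED_SCHEMES`, `LINK_RE` and the sample description are assumptions; a production renderer should enforce the same allowlist on the generated HTML (through an HTML sanitizer) rather than by regex over the markdown, since reference-style links and raw HTML bypass a markdown-level regex.

```python
import re
from urllib.parse import urlsplit

# Assumed policy: the only destinations a report link may point to.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# Inline link or image: [text](dest "optional title"); dest may hold one level
# of balanced parentheses so that javascript:alert(1) is captured whole.
LINK_RE = re.compile(
    r'(!?)\[([^\]]*)\]\(\s*((?:[^()\s]|\([^()\s]*\))*)(?:\s+"[^"]*")?\s*\)'
)


def is_safe_href(href: str) -> bool:
    """True if href is relative or uses an allowlisted scheme.

    Browsers drop ASCII control characters and whitespace while parsing a
    URL, so "java\tscript:" or " JavaScript:" still reach the JS engine;
    strip them here before looking at the scheme.
    """
    cleaned = "".join(ch for ch in href if ord(ch) > 0x20 and ch != "\x7f")
    scheme = urlsplit(cleaned).scheme.lower()
    if not scheme:
        return True  # relative link such as /product/3 or #findings
    return scheme in ALLOWED_SCHEMES


def sanitize_markdown_links(md: str) -> str:
    """Rewrite markdown so links with unsafe destinations are no longer
    clickable: the link text survives, the href (and image marker) is dropped."""

    def repl(m):
        text, href = m.group(2), m.group(3)
        if is_safe_href(href):
            return m.group(0)
        return text

    return LINK_RE.sub(repl, md)


if __name__ == "__main__":
    # Constructed sample description, modelled on the PoC in the report.
    description = ("Product docs: [manual](https://example.com/manual)\n"
                   "[XSS](javascript:alert(1)) and [x](JaVaScRiPt:alert(1))")
    print(sanitize_markdown_links(description))
```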
1modm added the bug label Feb 8, 2022

@1modm (Owner) commented Feb 8, 2022

@alestorm980 Thank you, that is what happens to me for trusting markdown 🗡️. It should be fixed in the last commit; take a look and let me know if you find more issues.

Thank you very much :)

1modm closed this as completed Feb 8, 2022