Alluxio v1.8.1 reflected xss vulnerability #10552
Labels: area-webui, priority-low, stale, type-bug
A reflected XSS vulnerability was found in Alluxio V1.8.1.
An attacker can inject arbitrary web script or HTML through the "path" parameter in the Browse board, causing a reflected XSS attack and stealing cookies.
POC:
msgbox("foo")";</script><script>alert(document.cookie)</script><script>
Vulnerability trigger point:
http://localhost/browse?path=%2F&offset=0&limit=9
The XSS vulnerability will be successfully triggered when an attacker writes the POC in the "path" parameter of the URL.
Process:
2. Trigger XSS vulnerability
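An added example, not part of the original report and not Alluxio's code: the shape of the POC (a double quote followed by a closing script tag) suggests the "path" value is reflected inside a quoted string in an inline script block. Assuming that, the sketch below contrasts raw interpolation with JavaScript-string output encoding; the template, the variable name currentDir and all function names are hypothetical.

```javascript
// Added illustration, not Alluxio code. Assumption: the "path" query value is
// echoed into a double-quoted string inside an inline <script> block.
// The template and the variable name currentDir are hypothetical.

// POC string exactly as given in the report above.
const POC = 'msgbox("foo")";</script><script>alert(document.cookie)</script><script>';

// Request URLs shaped like the report's trigger point (constructed samples).
const benignUrl = "http://localhost/browse?path=%2F&offset=0&limit=9";
const pocUrl = "http://localhost/browse?path=" + encodeURIComponent(POC) + "&offset=0&limit=9";

function pathFromUrl(url) {
  return new URL(url).searchParams.get("path");
}

// Vulnerable pattern: the raw parameter is interpolated into the script block.
function renderUnsafe(path) {
  return `<script>var currentDir = "${path}";</script>`;
}

// Hardened pattern: every UTF-16 code unit outside a small safe set becomes
// \uXXXX, so quotes, backslashes, "<", ">", "/" and line terminators cannot
// end the string literal or the enclosing script element.
function escapeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9,._ -]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderSafe(path) {
  return `<script>var currentDir = "${escapeForJsString(path)}";</script>`;
}

// The escaped literal still decodes to the original value (it is also valid JSON).
function decodeJsString(escaped) {
  return JSON.parse('"' + escaped + '"');
}

// Number of script elements opened in the markup; the template intends exactly one.
function countScriptBlocks(html) {
  return (html.match(/<script\b/gi) || []).length;
}

for (const url of [benignUrl, pocUrl]) {
  const p = pathFromUrl(url);
  console.log(p, countScriptBlocks(renderUnsafe(p)), countScriptBlocks(renderSafe(p)),
    decodeJsString(escapeForJsString(p)) === p);
}
```

With raw interpolation the POC opens three script elements instead of the one the template intends; with encoding the count stays at one and the path value is preserved unchanged.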