Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security Fix for Cross-Site Scripting (XSS) - huntr.dev #2158

Merged
merged 2 commits into from Jan 14, 2021

Conversation

huntr-helper
Copy link

https://huntr.dev/users/arjunshibu has fixed the Cross-Site Scripting (XSS) vulnerability 🔨. Think you could fix a vulnerability like this?

Get involved at https://huntr.dev/

Q | A
Version Affected | ALL
Bug Fix | YES
Original Pull Request | 418sec#1
Vulnerability README | https://github.com/418sec/huntr/blob/master/bounties/npm/apexcharts/1/README.md

User Comments:

📊 Metadata *

Bounty URL: https://www.huntr.dev/bounties/1-npm-apexcharts

⚙️ Description *

apexcharts is vulnerable to Cross-Site Scripting (XSS).

💻 Technical Description *

The package does not properly validate some chart fields. This causes XSS and the payload is triggered when tooltip and label fields are rendered. The fix is implemented by sanitizing those fields before rendering them.

🐛 Proof of Concept (PoC) *

  1. Install the package by following this instruction https://apexcharts.com/docs/installation/ or try the live sandbox here https://codepen.io/apexcharts/pen/xYqyYm
  2. Edit JS and insert the XSS payload below in the name field
  3. Payload: 'sales<img src=x onerror=alert(1)>'
  4. XSS payload will get executed.

🔥 Proof of Fix (PoF) *

Build package to apply fix

npm run dev
# or
npm run build

XSS is fixed as shown below.
fix1
fix2
fix3

+1 User Acceptance Testing (UAT)

  • I've executed unit tests.
  • After fix the functionality is unaffected.

@JamieSlome
Copy link
Contributor

@junedchhipa - let me know if you have any questions or thoughts, cheers! 🍰

@junedchhipa junedchhipa merged commit 68f3f34 into apexcharts:master Jan 14, 2021
@junedchhipa
Copy link
Contributor

Thank you for your contribution!

@JamieSlome
Copy link
Contributor

@junedchhipa, if you want more security fixes and patches like this in the future, you can let security researchers know that they can win bounties protecting your repository by copying this small code snippet into your README.md:

[![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

👇 👇 👇

huntr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

4 participants