Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

xss injection #118

Closed
53n4d opened this issue Mar 6, 2024 · 2 comments
Closed

xss injection #118

53n4d opened this issue Mar 6, 2024 · 2 comments

Comments

@53n4d
Copy link

53n4d commented Mar 6, 2024

Hi, how are you?

I want to report xss vulnerability in aws s3 explorer. POC is below:

Click on the settings icon in the top right corner. Popup will open to enter S3 bucket name.
Type a payload as you can see on this image, and press enter:

Screenshot from 2024-03-05 14-31-14

And you'll get an xss:
Screenshot from 2024-03-05 14-31-23
@john-aws
Copy link
Contributor

john-aws commented Mar 6, 2024

Thanks for the report and a quick way to repro the problem.

john-aws added a commit that referenced this issue Mar 6, 2024
@john-aws
Merge pull request #119 from awslabs/john-aws-issues-118
e18ec68 
Fixes #118
@53n4d
Copy link
Author

53n4d commented Mar 6, 2024

Just to inform, i reported this to: https://cveform.mitre.org/ as a cve request, to inform users about affected version, because xss is usually high or critical vulnerability.

Thank you for your prompt response and quick fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@john-aws @53n4d