Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Cookie-based Cross-site scripting #211

Closed
ghost opened this issue Jul 19, 2018 · 1 comment
Closed

[Security] Cookie-based Cross-site scripting #211

ghost opened this issue Jul 19, 2018 · 1 comment

Comments

@ghost
Copy link

ghost commented Jul 19, 2018

Subject of the issue

Cross-site scripting (XSS) vulnerability in RaspAP-webgui v1.3.1 allow remote attackers (users) to inject arbitrary web script or HTML via the theme cookie.

Steps to reproduce

  1. Login
  2. Execute document.cookie = 'theme="><svg/onload=alert()>;path=/'; in your Javascript console

Now, each time you'll access to a RaspAP-webgui page, alert() will be triggered.

This vulnerability can be used, if an attacker finds another vulnerability to set arbitrary cookies to the user.

Expected behaviour

theme cookie needs to be filtered, before being returned in the page.
D9ping added a commit to D9ping/raspap-webgui that referenced this issue Jul 31, 2018
@D9ping
Fix for RaspAP#211.
a86c8e4 
Signed-off-by: D9ping <D9ping@users.noreply.github.com>
@billz
Copy link
Member

billz commented Aug 3, 2018

Fixed with PR.

@billz billz closed this as completed Aug 3, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@billz