
Stored XSS when updating analysis details #375

Closed
@lum8rjack

Description

@lum8rjack

The application does not sanitize the user input when updating the details of a firmware. When updating the firmware details, the application posts the data to the "upload-analysis/[uid]" page. That page then runs the function "_get_meta_from_request()" within the /src/helperFunctions/mongo_task_conversion.py script. I tested the "tags" and "version" fields by adding JavaScript to the updated fields (it looks like other fields are possibly vulnerable too). This data is not sanitized and is stored in the application. Each time a page is requested with this information, the JavaScript is run. I added some screenshots to help. Using the "escape" function within Flask could be a solution to sanitize the input. I tested it against the version field and it worked. Let me know if there are any additional questions.

Screenshots (images not included in this copy; captions only):

- 1_post: Adding js to the tags field
- 3_injected: When browsing to the home page it loads the js
- 2_popup: js is executed
- 4_sourcecode_escape: Used the escape function to sanitize the input
- 5_escaped
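The fix the report proposes, escaping free-text fields before they are stored, as an added example that is not part of the issue and not the project's own code. It stands in for the `_get_meta_from_request()` step the report names; the field names `tags` and `version` come from the report, while the form layout, the comma-separated tag format, the helper names and the use of the standard library `html.escape` (in place of Flask's `escape`, which wraps `markupsafe.escape` and produces the same entities for these inputs) are assumptions. The sample form submission is constructed.

```python
"""Escape free-text firmware metadata before it is stored.

Added example (not the project's own code): a stand-in for the
_get_meta_from_request() step described in the issue. Field names
"tags" and "version" come from the report; the form layout, the tag
format and the helper names are assumptions.
"""
from html import escape  # stdlib stand-in for flask/markupsafe escape (assumption)

# Free-text fields that are rendered back into HTML and must be escaped.
# The report names "version" and "tags"; extend the tuple for any other
# free-text field the update form accepts (assumption).
ESCAPED_FIELDS = ("version", "tags")


def _escape_value(value: str) -> str:
    """Escape &, <, >, double and single quotes so the text is inert in HTML."""
    return escape(value, quote=True)


def get_meta_from_form(form: dict) -> dict:
    """Collect update metadata from a submitted form, escaping free text.

    "tags" is submitted as a comma-separated string and stored as a list;
    each tag is escaped individually so no element survives as markup.
    """
    meta = {}
    for field in ESCAPED_FIELDS:
        raw = form.get(field, "")
        if field == "tags":
            meta[field] = [
                _escape_value(tag.strip()) for tag in raw.split(",") if tag.strip()
            ]
        else:
            meta[field] = _escape_value(raw.strip())
    return meta


def looks_like_markup(value: str) -> bool:
    """Detection helper for already-stored data: flag values that still
    contain a raw '<' or '>', which should never appear after escaping."""
    return "<" in value or ">" in value


# Constructed form submission of the kind the issue describes.
SAMPLE_FORM = {
    "version": '1.0<script>alert("xss")</script>',
    "tags": "router, <img src=x onerror=alert(1)>",
}


if __name__ == "__main__":
    stored = get_meta_from_form(SAMPLE_FORM)
    print("raw version contains markup:", looks_like_markup(SAMPLE_FORM["version"]))
    print("stored (escaped) metadata:", stored)
    print("markup left after escaping:",
          any(looks_like_markup(v) for v in [stored["version"], *stored["tags"]]))
```

Escaping at storage time, as the report suggests, makes the stored value inert wherever it is later rendered; the `looks_like_markup` check is useful for auditing records that were stored before the fix, since any remaining raw angle bracket points at data that never passed through the escaping step.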
