Impact
MyGraph is a permission management system.
MyGraph version 1.0.3 has a stored XSS vulnerability.
A remote code execution vulnerability is a web security vulnerability; we can execute any command, such as whoami.
Patches
https://github.com/renlm/MyGraph
Workarounds
After logging in to the MyGraph back end, you can add XSS attack code in the "Project name" field under "Workbench" - "Knowledge Library" - "My Project" - "New", so that remote attackers can steal users' personal information or even carry out phishing.
References
None
For more information
Add the XSS exploit code.
Set it to public. The attacker can receive user information when other administrators access it.
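The report above comes down to a stored "Project name" being rendered to other administrators without output encoding. The following added example (not code from this report or from the MyGraph project) contrasts that pattern with an encoded rendering plus an input-side allow-list; the function names, the markup and the name policy are assumptions made for illustration.

```javascript
// Added example: not MyGraph code. All names and markup here are hypothetical.

// The five characters that can change HTML parsing context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for use in HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Input-side check (defence in depth): letters, digits, spaces and a few
// punctuation marks, 1-64 characters. The exact policy is an assumption.
function isValidProjectName(name) {
  return typeof name === 'string' && /^[\p{L}\p{N} _.-]{1,64}$/u.test(name);
}

// Vulnerable pattern: the stored name is concatenated into markup unchanged.
function renderProjectRowUnsafe(project) {
  return `<li class="project" title="${project.name}">${project.name}</li>`;
}

// Hardened pattern: encode on output, in both attribute and element context.
function renderProjectRowSafe(project) {
  const name = escapeHtml(project.name);
  return `<li class="project" title="${name}">${name}</li>`;
}

// Constructed sample records, as they might come back from storage.
const sampleProjects = [
  { name: 'Network diagrams' },
  { name: '"><script>alert(1)</script>' }, // constructed test string
];

// Run every sample through the validator and both renderers.
function demo() {
  return sampleProjects.map((p) => ({
    accepted: isValidProjectName(p.name),
    unsafe: renderProjectRowUnsafe(p),
    safe: renderProjectRowSafe(p),
  }));
}

for (const row of demo()) console.log(row);
```

Output encoding is the control that matters for names already in storage; the allow-list only stops new ones from being saved.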