When creating/editing a module we can edit main.vue, so it leads to stored XSS and also a potential impact of interacting with the WebSocket using a valid origin.
Potential impact: a low-privilege user can affect a high-privilege one
Steps to Reproduce
Create/edit a module
Edit main.vue and add, for example, alert("xss") in the script block
Open the module and the browser will render this main.vue
Get an XSS alert, or interact with the WebSocket using the Cross-Site WebSocket Hijacking bug
Place where the origin check is not implemented => CSWSH
By exploiting XSS we can interact with the WS server using a valid origin, so it is better to use a CSRF token to prevent such situations
Screenshots, screen recording, code snippet
Get XSS alert
Environment information
module version: 1.0.1
Which agent binary was used?
darwin-amd64
linux-386
linux-amd64
windows-386
windows-amd64
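
A server-side sketch of the two checks the report asks for on the WebSocket handshake: an Origin allowlist and a session-bound CSRF token. This is an added example, not the project's code; the origin, the key, the cookie name `session` and the query parameter `csrf` are assumptions.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/http"
	"net/url"
)

var allowedOrigins = map[string]bool{"https://ui.example.test": true} // assumed UI origin
var tokenKey = []byte("constructed-demo-key")                         // assumed server-side key

// wsToken derives the per-session token the UI must send with the handshake.
func wsToken(sessionID string) string {
	m := hmac.New(sha256.New, tokenKey)
	m.Write([]byte(sessionID))
	return hex.EncodeToString(m.Sum(nil))
}

// checkUpgrade returns 200 if the WebSocket handshake may proceed, else 401/403.
func checkUpgrade(r *http.Request) int {
	u, err := url.Parse(r.Header.Get("Origin"))
	if err != nil || !allowedOrigins[u.Scheme+"://"+u.Host] {
		return http.StatusForbidden // missing or foreign Origin (CSWSH)
	}
	c, err := r.Cookie("session")
	if err != nil || c.Value == "" {
		return http.StatusUnauthorized
	}
	if !hmac.Equal([]byte(r.URL.Query().Get("csrf")), []byte(wsToken(c.Value))) {
		return http.StatusForbidden // token missing or not bound to this session
	}
	return http.StatusOK
}

// newReq builds a constructed handshake request for the demo below.
func newReq(origin, session, token string) *http.Request {
	r, _ := http.NewRequest("GET", "https://ui.example.test/ws?csrf="+token, nil)
	r.Header.Set("Origin", origin)
	r.AddCookie(&http.Cookie{Name: "session", Value: session})
	return r
}

func main() {
	good := wsToken("sess-1")
	fmt.Println(checkUpgrade(newReq("https://ui.example.test", "sess-1", good)))   // allowed
	fmt.Println(checkUpgrade(newReq("https://evil.example.test", "sess-1", good))) // foreign origin
}
```

A token that page script can read is also readable by injected script, so these checks limit cross-site use of the socket and do not replace fixing the stored XSS in main.vue.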