Stored Cross-Site Scripting (XSS) via Name and Description Parameters (by @RedHuntLabs) #4308

Open
sampritdas8 opened this issue Apr 23, 2025 · 0 comments

Hey @PanJiaChen, once again,
I'm Samprit Das from @redhuntlabs. I’ve identified a medium-severity vulnerability in your application. Please review the attached report and address the issue at your earliest convenience.

Title: Stored Cross-Site Scripting (XSS) via Name and Description Parameters

Observation: During testing, it was observed that the application lacks proper input validation and output encoding for the name and description parameters. As a result, malicious scripts can be stored and executed in the browser of users viewing the affected content, making the application vulnerable to Stored Cross-Site Scripting (XSS) attacks.

Severity: Medium (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)

Resources Affected: http://192.168.1.9:9527/dev-api/role

Parameter Affected: name & description

Affected code:
https://github.com/PanJiaChen/vue-element-admin/blob/master/src/views/permission/role.vue#L69
https://github.com/PanJiaChen/vue-element-admin/blob/master/src/views/permission/role.vue#L70

Technical Impact: Stored XSS allows attackers to inject malicious scripts that get executed in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized actions.

Business Impact: This can compromise user trust, damage the application's reputation, and may lead to legal or compliance issues, especially if personal or financial data is affected.

Steps to reproduce:

1. Log in to the account and click on New Role.
2. Enter the payloads below in the name and description input fields and click on Confirm:
<img src=1 onerror=alert(document.cookie)>
<img src=1 onerror=alert(document.location)>
3. Observe that the first payload pops up with the cookie value.
4. Observe that the second payload pops up with the URL location.

Remediation:
Implement server-side input validation to reject or sanitize malicious input in the name and description parameters. Additionally, use proper output encoding/escaping when rendering user inputs in the browser to prevent script execution. Employ Content Security Policy (CSP) headers as a defense-in-depth measure to mitigate XSS risks.
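The remediation above, as an added example that is not code from vue-element-admin or from the reporter: HTML output encoding plus allowlist validation for the two reported fields, exercised against the payloads quoted in the report. The function names, the name allowlist and the length limits are assumptions chosen for illustration.

```javascript
// Added example (not from vue-element-admin): output encoding and
// server-side validation for the role "name" and "description" fields.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Output encoding: every character with HTML meaning becomes an entity, so the
// browser renders the text literally instead of parsing it as markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side validation: reject rather than sanitize. The name is restricted
// to an allowlist of characters (assumed rule); the description is free text
// but must not contain markup characters. Returns a list of problems
// (an empty list means the input is accepted).
const NAME_RE = /^[A-Za-z0-9 _-]{1,64}$/;
function validateRoleInput({ name, description }) {
  const errors = [];
  if (typeof name !== 'string' || !NAME_RE.test(name)) {
    errors.push('name: 1-64 letters, digits, space, "_" or "-" only');
  }
  if (typeof description !== 'string' || description.length > 255) {
    errors.push('description: must be a string of at most 255 characters');
  } else if (/[<>]/.test(description)) {
    errors.push('description: markup characters "<" and ">" are not allowed');
  }
  return errors;
}

// Safe rendering of a stored role as HTML (e.g. a table row or notification):
// untrusted fields always pass through escapeHtml before being concatenated.
function renderRoleRow(role) {
  return `<tr><td>${escapeHtml(role.name)}</td><td>${escapeHtml(role.description)}</td></tr>`;
}

// Constructed sample input built from the payloads quoted in the report.
const maliciousRole = {
  name: '<img src=1 onerror=alert(document.cookie)>',
  description: '<img src=1 onerror=alert(document.location)>',
};

const rejected = validateRoleInput(maliciousRole); // two rejection messages
const rendered = renderRoleRow(maliciousRole);     // no <img> element survives
console.log(rejected, rendered);
```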
