| عنوان | demtec.sk Graphlytics 5.0.7 Cross Site Scripting |
|---|
| الوصف | [ Reflected XSS on Graphytics v5.0.7 ]
Graphytics version 5.0.7 is vulnerable to Reflected Cross-Site Scripting (XSS), allowing attackers to execute malicious JavaScript in a victim’s browser. This can lead to session hijacking, as the application does not enforce the HttpOnly flag on session cookies, making them accessible to client-side scripts. Exploiting this vulnerability could result in unauthorized access to user sessions and sensitive information.
The issue was tested in the Dockerized version of Graphytics, following the installation guide provided at: https://graphlytic.com/doc/latest/Install_with_Docker_on_Ubuntu.html
Payload used:
http://{graphlytic-ip}:8080/visualization?name`;alert(document.cookie);`=1
Refer complete POC published on the Git repo.
Note:
If possible please add Adamya Varma ([email protected]) as co-researcher for the vulnerability |
|---|
| المصدر | ⚠️ https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/reflected_xss.md |
|---|
| المستخدم | 0xc0de (UID 83444) |
|---|
| ارسال | 04/04/2025 09:15 AM (1 سنة منذ) |
|---|
| الاعتدال | 14/04/2025 11:17 PM (11 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 304671 [Demtec Graphytics 5.0.7 HTTP GET Parameter /visualization البرمجة عبر المواقع] |
|---|
| النقاط | 20 |
|---|