CVE-2023-26953 in onekeyadmin

Summary

by MITRE • 03/07/2023

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module.


Analysis

by VulDB Data Team • 11/13/2025

CVE-2023-26953 is a critical stored cross-site scripting (XSS) flaw in onekeyadmin version 1.3.9, located in the Add Administrator module. Because the vulnerability is stored rather than reflected, a malicious payload submitted once through that module persists in the application's database and executes in the browser of every user who later views the affected page, so a single injection becomes a lasting threat to user sessions and data.

Technically, the flaw stems from inadequate input validation and output encoding in the administrator-creation workflow. Data submitted through the Add Administrator module is stored without being sanitized or escaped, and is later rendered into HTML without encoding, so injected JavaScript runs in the browsers of users who view the stored record. The weakness is classified as CWE-79 (improper neutralization of input during web page generation), the standard category for cross-site scripting, and is a textbook case of insufficient output encoding leading to client-side exploitation.

The operational impact goes beyond executing a script: an attacker can hijack sessions, steal credentials, redirect users to attacker-controlled domains, and potentially escalate privileges within the application, for example by using a victim's session to establish persistent access to the administrative interface, modify user permissions, or read confidential data. The Add Administrator module typically requires elevated privileges, so the users who view the stored payload are likely to be administrators themselves, which is why successful exploitation could hand an attacker control over the application's core functionality and user management.

Organizations running onekeyadmin v1.3.9 should remediate promptly. The primary fix is strict input validation and context-appropriate output encoding throughout the application, and in the Add Administrator module in particular: validate user-supplied data before storage and HTML-encode it at render time so that it cannot be interpreted as markup or script. As defense in depth, a Content Security Policy can limit the execution of unauthorized scripts, and a web application firewall can detect and block suspicious input patterns. The issue also underlines the value of regular security assessments and of keeping third-party applications up to date, since known weaknesses in outdated software are well documented and are routinely targeted by threat actors using ATT&CK techniques related to credential access and privilege escalation.
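The following is an added illustration of the weakness and its fix, not code from onekeyadmin: a constructed administrator record is rendered once with raw interpolation (the CWE-79 pattern) and once with HTML encoding at output time, alongside an allowlist check applied before storage. The function and field names are assumptions for the example.

```python
import html
import re

# Constructed sample rows, as they might sit in an administrators table after
# an "Add Administrator" form stored its input without validation.
STORED_ADMINS = [
    {"username": "alice", "nickname": "Alice"},
    {"username": "mallory", "nickname": "<script>alert(1)</script>"},
]

ROW_TEMPLATE = "<tr><td>{username}</td><td>{nickname}</td></tr>"

def render_admin_table_unsafe(admins):
    """Vulnerable pattern: stored values are pasted straight into HTML."""
    rows = "".join(ROW_TEMPLATE.format(**a) for a in admins)
    return f"<table>{rows}</table>"

def render_admin_table_safe(admins):
    """Hardened pattern: every stored value is HTML-entity encoded at render
    time. html.escape(quote=True) encodes & < > " ' which is sufficient for
    element content and double-quoted attribute values."""
    rows = "".join(
        ROW_TEMPLATE.format(**{k: html.escape(str(v), quote=True) for k, v in a.items()})
        for a in admins
    )
    return f"<table>{rows}</table>"

# Allowlist applied before storage (assumed policy for the example): a
# username is 3 to 32 characters from a conservative character set.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{3,32}$")

def validate_username(value):
    """Input validation is defense in depth; output encoding remains the
    primary control because free-text fields such as nicknames cannot be
    restricted this tightly."""
    return bool(USERNAME_RE.fullmatch(value))

def appears_verbatim(rendered, stored_value):
    """Detection check for a rendered page: a stored value that appears
    unchanged in the output was not encoded."""
    return stored_value in rendered

if __name__ == "__main__":
    payload = STORED_ADMINS[1]["nickname"]
    print("unsafe leaks markup:", appears_verbatim(render_admin_table_unsafe(STORED_ADMINS), payload))
    print("safe leaks markup:  ", appears_verbatim(render_admin_table_safe(STORED_ADMINS), payload))
```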

Reservation: 02/27/2023

Disclosure: 03/07/2023

Moderation: accepted

CPE: ready

EPSS: 0.00243

KEV: no

Activities: very low
