| Title | stonith404 pingvin-share 1.13.0 DOM-Based XSS, Open Redirect |
|---|
| Description | A reflected cross-site scripting (XSS) vulnerability has been discovered in Pingvin Share's sign-in auto-redirect functionality. During the sign-in redirect flow the application trusts the redirect URL parameter without restricting it to a same-origin path. An attacker can craft a link that, when opened by an authenticated user, performs a client-side redirect to an attacker-controlled destination and executes arbitrary JavaScript in the victim's browser within the application's origin. This could lead to session hijacking, credential theft, or unauthorized actions performed on behalf of the victim.
---
CVSS v3.1 Score Justification
Base Score: 8.2 (High)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Attack Vector (AV): Network (N) – The vulnerability is exploitable remotely over the network via a crafted URL.
Attack Complexity (AC): Low (L) – No special conditions are required; the vulnerable code path is reached by any sign-in request carrying the parameter. The attacker only needs to know the parameter name (redirect).
Privileges Required (PR): None (N) – The attacker needs no account or privileges to craft the malicious link.
User Interaction (UI): Required (R) – The victim must open the attacker's link.
Scope (S): Changed (C) – The vulnerable component is the application's sign-in page, but the injected script runs in the victim's browser, a separate security authority, where it has access to the session and to the data the application exposes in that context.
Confidentiality (C): High (H) – Successful exploitation can lead to a complete loss of confidentiality: the attacker's script can call authenticated API endpoints as the victim and read sensitive data exposed to the page, including information stored in the browser context.
Integrity (I): Low (L) – The attacker can modify some data or perform actions on behalf of the user, but not arbitrarily alter all application data.
Availability (A): None (N) – The attack does not directly impact the availability of the application or its data.
---
Note to moderator: The vendor was notified on March 8, 2026 with a 45-day disclosure deadline of Apr. 22, 2026. Vendor responded promptly with "I’m not maintaining Pingvin Share anymore and therefore the project is archived." After a bit of back and forth, the absence of activity on the GitHub project, and the expiry past the disclosure deadline, I have decided to proceed with public disclosure. It is reasonable that users self-hosting the product are unaware of the vulnerability. Let me know if you require screenshots/evidence of the CVD email chain (I am unable to upload private documents).
CVD: https://gist.github.com/TrebledJ/0efceef4f3a2e0515cc2fe96b4c22679
Vendor: https://github.com/stonith404/
Product: https://github.com/stonith404/pingvin-share
Similar VDB Entries: VDB-358037, VDB-356245 |
|---|
| Source | https://gist.github.com/TrebledJ/0efceef4f3a2e0515cc2fe96b4c22679 |
|---|
| User | trebledj (UID 94356) |
|---|
| Submission | 27/04/2026 07:45 PM (1 month ago) |
|---|
| Moderation | 25/05/2026 09:10 PM (28 days later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 365539 [stonith404 pingvin-share up to 1.13.0 Sign-in Auto-Redirect signIn.tsx getServerSideProps redirect cross site scripting] |
|---|
| Points | 20 |
|---|
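How a trusted redirect parameter of the kind described in the entry above turns into script execution and an open redirect, and one way to constrain it, as an added example in plain JavaScript. This is not Pingvin Share's code and does not reproduce signIn.tsx; it assumes the vulnerable pattern is handing the raw query parameter to a client-side navigation such as window.location.href, in which case a javascript: URL runs in the page's origin and an absolute or protocol-relative URL sends the user off-site. The function names, the origin https://share.example and the sample inputs are constructed for the example.

```javascript
// Added example, not Pingvin Share's code. The function names, the origin
// "https://share.example" and the sample inputs are assumed/constructed.

// Vulnerable pattern (assumed): the query parameter is used as-is, so a link
// like ?redirect=javascript:... runs script in the application's origin and
// ?redirect=https://evil.example leaves the site.
function unsafeRedirectTarget(redirect) {
  return redirect; // caller then does window.location.href = <this value>
}

// Hardened pattern: accept only a same-origin absolute path. Other schemes,
// other hosts, protocol-relative paths and control characters all fall back
// to a fixed safe destination instead of being honoured.
function safeRedirectTarget(redirect, origin = "https://share.example", fallback = "/") {
  if (typeof redirect !== "string" || redirect.length === 0) return fallback;

  // Browsers strip ASCII control characters and whitespace while parsing a
  // scheme, so "jav\tascript:" would still be treated as javascript:.
  if (/[\u0000-\u0020\u007f]/.test(redirect)) return fallback;

  // Must start with exactly one "/": "//host" is protocol-relative, and
  // browsers treat "/\host" the same way, so both would be open redirects.
  if (!/^\/(?![\/\\])/.test(redirect)) return fallback;

  // Resolve against the expected origin and confirm the result stays there.
  let url;
  try {
    url = new URL(redirect, origin);
  } catch (e) {
    return fallback;
  }
  if (url.origin !== origin) return fallback;

  // Dot-segment normalisation turns "/..//evil.example" into the pathname
  // "//evil.example", which is protocol-relative again once reused as a
  // relative destination, so re-check the normalised pathname.
  if (/^\/[\/\\]/.test(url.pathname)) return fallback;

  return url.pathname + url.search + url.hash;
}

// Constructed inputs: the first two are legitimate in-app destinations, the
// rest are the kinds of values an attacker would place in the parameter.
const SAMPLE_REDIRECTS = [
  "/share/abc123",
  "/upload?folder=docs#top",
  "javascript:alert(document.cookie)",
  "https://evil.example/phish",
  "//evil.example/phish",
  "/..//evil.example",
];

// Returns [input, what the vulnerable code would navigate to, what the
// hardened code navigates to] for each sample.
function demo() {
  return SAMPLE_REDIRECTS.map((r) => [r, unsafeRedirectTarget(r), safeRedirectTarget(r)]);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [input, unsafe, safe] of demo()) {
    console.log(`${input}\n  unsafe -> ${unsafe}\n  safe   -> ${safe}`);
  }
}
```

In a real deployment the origin would come from the server's configured public URL rather than a literal, and the same check applies wherever the parameter is consumed: a server-side redirect that emits the value in a Location header or a framework redirect descriptor needs the identical allow-list, because the open-redirect half of the issue does not depend on client-side script at all.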