Submission #780615: welovemedia FFmate <= v2.0.15 Cross Site Scripting

Title: welovemedia FFmate <= v2.0.15 Cross Site Scripting
Description: A stored Cross-Site Scripting (XSS) vulnerability exists in FFmate ≤ v2.0.15 at the webhook execution response display functionality, where webhook responses are stored and rendered without proper sanitization or validation. When webhook responses containing malicious JavaScript payloads are displayed in the executions view, the injected scripts execute in the browsers of users viewing the webhook execution results. As a result, attackers can configure webhooks pointing to malicious endpoints to inject arbitrary JavaScript, potentially leading to session hijacking, credential theft, or malicious actions performed on behalf of victims. Mitigations include implementing HTML sanitization using libraries like DOMPurify, avoiding v-html in favor of safe Vue.js rendering, implementing Content Security Policy (CSP) headers, encoding output context-appropriately, and validating input against a whitelist of allowed HTML tags and attributes.
Source: ⚠️ https://github.com/CC-T-454455/Vulnerabilities/tree/master/ffmate/vulnerability-2
User: Anonymous User
Submitted: 2026. 03. 16. 04:48 AM (18 days ago)
Moderation: 2026. 03. 31. 06:15 PM (16 days later)
Status: Accepted
VulDB entry: 354444 [welovemedia FFmate up to 2.0.15 Webhook AppJsonTreeView.vue cross site scripting]
Points: 20
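
The output-encoding mitigation named in the description, as an added example that is not FFmate's code: a JSON tree renderer for webhook response bodies that escapes every key and leaf value before building markup, so remote-controlled strings display as text. The function names, CSS class names and sample response are hypothetical and constructed for illustration.

```javascript
// Added example; names are hypothetical and not taken from FFmate.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a parsed JSON value as nested <ul> markup. Every key and every leaf
// value passes through escapeHtml, so the only tags in the output are the
// ones this function writes itself.
function renderJsonTree(node, depth = 0, maxDepth = 32) {
  if (depth > maxDepth) return '<span class="json-truncated">…</span>';
  if (node === null || typeof node !== "object") {
    const kind = node === null ? "null" : typeof node;
    return `<span class="json-${kind}">${escapeHtml(JSON.stringify(node))}</span>`;
  }
  const entries = Array.isArray(node) ? node.map((v, i) => [i, v]) : Object.entries(node);
  const items = entries.map(
    ([k, v]) =>
      `<li><span class="json-key">${escapeHtml(k)}</span>: ${renderJsonTree(v, depth + 1, maxDepth)}</li>`
  );
  return `<ul>${items.join("")}</ul>`;
}

// A webhook response body is untrusted input: if it is not valid JSON,
// fall back to showing it as escaped plain text.
function renderWebhookResponse(body) {
  try {
    return renderJsonTree(JSON.parse(body));
  } catch {
    return `<pre>${escapeHtml(body)}</pre>`;
  }
}

// Constructed sample response with markup in both a key and a value.
const sampleBody = JSON.stringify({
  status: "ok",
  "<b>key</b>": "<img src=x onerror=alert(1)>",
});
console.log(renderWebhookResponse(sampleBody));
```

In a Vue component the same result comes from binding values with text interpolation instead of `v-html`; the escaping above matters when markup has to be assembled as a string.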
