| tiêu đề | Demtec, s.r.o Graphlytic 5.0.7 Cross Site Scripting |
|---|
| Mô tả | Graphytics version 5.0.7 is vulnerable to Stored Cross-Site Scripting (XSS), allowing attackers to execute malicious JavaScript in a victim’s browser. This can lead to session hijacking, as the application does not enforce the HttpOnly flag on session cookies, making them accessible to client-side scripts. Exploiting this vulnerability could result in unauthorized access to user sessions and sensitive information.
The issue was tested in the Dockerized version of Graphytics, following the installation guide provided at: "https://graphlytic.com/doc/latest/Install_with_Docker_on_Ubuntu.html"
#### Steps to Reproduce: ####
1. Login to the application.
2. Create a new visualization.
3. Click on save.
4. Write any name under 30 charachters.
5. In the description, add the following payload:
```
"><!---->img src=x onerror=alert(document.cookie) >
```
5. Click on Projects / View the list from top left to execute the Stored XSS payload. |
|---|
| Nguồn | ⚠️ https://github.com/HexC0d3/graphlytic-xss-exploits/blob/main/stored_xss.md |
|---|
| Người dùng | addy_pwn (UID 77999) |
|---|
| Đệ trình | 04/04/2025 10:30 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 14/04/2025 23:17 (11 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 304672 [Demtec Graphytics 5.0.7 /visualization Mô tả Tập lệnh chéo trang] |
|---|
| điểm | 20 |
|---|