| 标题 | Mist.io Mist Community Edition (CE) 4.7.1 Open Redirect |
|---|
| 描述 | Vulnerability
Reflected Cross-Site Scripting (XSS) via Open Redirect
Summary
Mist Community Edition (CE) before v4.7.2 fails to properly validate the "return_to" parameter in the authentication endpoint, creating an open redirect and a reflected cross-site scripting (XSS) vulnerabilities. An attacker can craft malicious login URLs and send it to the victim. If the victims visits it and authenticates, they will either be redirected to an arbitrary external domain or execute attacker-controlled JavaScript context within Mist CE application. This vulnerability requires user interaction but can lead to credential phishing, session hijacking, or other client-side attacks depending on the payload delivered through the crafted URL.
For full technical details, including proof of concept steps and video please refer to my GitHub repository in the "Advisory / Exploit" field below.
Affected Versions
Vulnerable: ≤ 4.7.1
Fixed: 4.7.2
Suggested Severity
5.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vendor Coordination:
The vulnerability was responsibly disclosed to the Mist Community Edition maintainer. They acknowledged the report and explicitly agreed to a potential CVE assignment. A fix was implemented and released in version 4.7.2.
Mist CE Release 4.7.2 (Patched): https://github.com/mistio/mist-ce/releases/tag/v4.7.2
Fix Commit: https://github.com/mistio/mist.api/commit/db10ecb62ac832c1ed4924556d167efb9bc07fad
Discovered by
Alex Perrakis (Stolichnayer)
Efstratios Chatzoglou (efchatz)
Georgios Kambourakis |
|---|
| 来源 | ⚠️ https://github.com/Stolichnayer/mist-ce-open-redirect |
|---|
| 用户 | alexperrakis (UID 85369) |
|---|
| 提交 | 2025-05-23 12時46分 (1 年前) |
|---|
| 管理 | 2025-05-31 18時51分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 310752 [Mist Community Edition 直到 4.7.1 Authentication Endpoint src/mist/api/views.py login return_to 跨网站脚本] |
|---|
| 积分 | 20 |
|---|