Dom XSS in Add Question in answerdev/answer

Valid

Reported on

Jan 11th 2023


Description

Malicious users can attack other users or administrators through this vulnerability, causing those users' or administrators' accounts to be taken over.

Proof of Concept

Step 1. Add a normal user and log in.

Step 2. Add a new question and insert the XSS payload in the body:

<img src=x onerror=alert(localStorage.getItem('_a_lui_')) />


Step 3. Log in as the admin user, then click Contents --> Questions and open the new question submitted by the malicious user. Click Edit to trigger the XSS and obtain the admin's access token.

Impact

Executing JavaScript in the victim's session, which leads to potential account takeover, performing actions as that user, and so on.

Occurrences

It is recommended not to use dangerouslySetInnerHTML here; it does not escape malicious HTML entered by users.
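As an added example (not code from the report or from answerdev/answer), the following allowlist sanitizer shows the kind of filtering a question body needs before it is handed to dangerouslySetInnerHTML: the report's payload loses its onerror handler while harmless markup survives. In production a maintained library such as DOMPurify does this job; the allowlists and the scheme check below are assumptions chosen for illustration.

```javascript
// Added example, not code from the report or from answerdev/answer: an allowlist
// sanitizer for a question body, run before it is handed to dangerouslySetInnerHTML.
// Tags and attributes not on the allowlists (all on* handlers, <script>, <iframe>,
// <svg>, ...) are dropped, URL attributes are scheme-checked and text is escaped.
const ALLOWED_TAGS = new Set(["p", "br", "b", "i", "em", "strong", "code", "pre",
  "blockquote", "ul", "ol", "li", "a", "img"]);
const ALLOWED_ATTRS = { a: new Set(["href", "title"]), img: new Set(["src", "alt"]) };
const URL_ATTRS = new Set(["href", "src"]);
const escapeAttr = (s) => s.replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");

// Accept http(s), mailto and relative URLs only. Numeric entities are decoded and
// control characters removed before the scheme check, so "java&#x73;cript:" and
// "jav\tascript:" are both refused, as is any named entity other than &amp;.
function safeUrl(value) {
  let decoded;
  try {
    decoded = value
      .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
      .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(Number(d)));
  } catch { return false; }                                   // out-of-range code point
  if (/&(?!amp;)/.test(decoded)) return false;
  decoded = decoded.replace(/[\u0000-\u0020\u007f]/g, "").toLowerCase();
  const colon = decoded.indexOf(":");
  return colon === -1 || ["http", "https", "mailto"].includes(decoded.slice(0, colon));
}

function sanitizeHtml(html) {
  const TOKEN = /<!--[\s\S]*?-->|<(\/?)([a-zA-Z][a-zA-Z0-9-]*)([^>]*)>|[^<]+|</g;
  const ATTR = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  let out = "";
  for (const [tok, slash, rawName, rawAttrs] of html.matchAll(TOKEN)) {
    if (tok.startsWith("<!--")) continue;                           // comments dropped
    if (rawName === undefined) { out += tok.replace(/</g, "&lt;"); continue; }  // text
    const name = rawName.toLowerCase();
    if (!ALLOWED_TAGS.has(name)) continue;               // tag removed, its text survives
    if (slash) { out += `</${name}>`; continue; }
    let attrs = "";
    for (const [, a, dq, sq, uq] of rawAttrs.matchAll(ATTR)) {
      const attr = a.toLowerCase();
      if (attr.startsWith("on") || !ALLOWED_ATTRS[name]?.has(attr)) continue;
      const value = dq ?? sq ?? uq ?? "";
      if (URL_ATTRS.has(attr) && !safeUrl(value)) continue;
      attrs += ` ${attr}="${escapeAttr(value)}"`;
    }
    out += `<${name}${attrs}>`;                  // always re-emitted in canonical form
  }
  return out;
}
// The report's payload: the onerror handler is gone, the harmless src survives.
console.log(sanitizeHtml("<img src=x onerror=alert(localStorage.getItem('_a_lui_')) />"));
```

Because every kept tag is re-emitted with quoted, escaped attributes and all remaining text has `<` escaped, a tokenizer mismatch between this function and the browser can only turn markup into visible text, never the reverse.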

We are processing your report and will contact the answerdev/answer team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
1derian modified the report a year ago
1derian modified the report a year ago
We have contacted a member of the answerdev/answer team and are waiting to hear back 10 months ago
We have sent a follow up to the answerdev/answer team. We will try again in 7 days. 10 months ago
answerdev/answer maintainer validated this vulnerability 10 months ago
1derian has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
1derian (Researcher), 10 months ago:

Hi, can I get a CVE vulnerability number assigned?

answerdev/answer maintainer marked this as fixed in 1.0.4 with commit c3001d 10 months ago
The fix bounty has been dropped
This vulnerability has been assigned a CVE
answerdev/answer maintainer published this vulnerability 10 months ago
Viewer.tsx#L47-L51 has been validated