Cross-site Scripting (XSS) - Reflected in hestiacp/hestiacp

Valid

Reported on

Mar 3rd 2022

Description

Please enter a description of the vulnerability.

Proof of Concept

xss in function add domain
POST /add/web
v-custom-doc-domain=<script>alert(1)</script>
https://drive.google.com/file/d/1EeoOX7Pmn5ptuweine4Cgcy1fyd6qEzJ/view?usp=sharing

Impact

We are processing your report and will contact the hestiacp team within 24 hours. 2 years ago

Jaap Marcus validated this vulnerability 2 years ago

huydoppa has been awarded the disclosure bounty

The fix bounty is now up for grabs

Jaap Marcus

commented 2 years ago

Maintainer

@admin please assign a CVE for this issue

Jamie Slome

commented 2 years ago

Admin

CVE assigned (CVE-2022-0838)! 🎊

Jamie Slome

commented 2 years ago

Admin

Please ping me once you are ready to publish the fix and make the report public, and I will publish the CVE to MITRE.

huydoppa

commented 2 years ago

Researcher

https://www.huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324/ have 10$ for report

Jaap Marcus

commented 2 years ago

Maintainer

Rules have changed and Huntr.dev doesn't pay anything for Medium or Low CSV score on non featured ones ... Due to complains from maintainers. See Huntr.dev discord channel

Jaap Marcus

commented 2 years ago

Maintainer

Bug was present in a javascript function that displays the domain didn't sanitise it...

Jaap Marcus marked this as fixed in 1.5.10 with commit 640f82 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

Jamie Slome

commented 2 years ago

Admin

CVE published! 🎉

to join this conversation

We are processing your report and will contact the hestiacp team within 24 hours. 2 years ago

Jaap Marcus validated this vulnerability 2 years ago

huydoppa has been awarded the disclosure bounty

The fix bounty is now up for grabs

Jaap Marcus

commented 2 years ago

Maintainer

@admin please assign a CVE for this issue

Jamie Slome

commented 2 years ago

Admin

CVE assigned (CVE-2022-0838)! 🎊

Jamie Slome

commented 2 years ago

Admin

Please ping me once you are ready to publish the fix and make the report public, and I will publish the CVE to MITRE.

huydoppa

commented 2 years ago

Researcher

https://www.huntr.dev/bounties/8ce4b776-1c53-45ec-bc5f-783077e2d324/ have 10$ for report

Jaap Marcus

commented 2 years ago

Maintainer

Rules have changed and Huntr.dev doesn't pay anything for Medium or Low CSV score on non featured ones ... Due to complains from maintainers. See Huntr.dev discord channel

Jaap Marcus

commented 2 years ago

Maintainer

Bug was present in a javascript function that displays the domain didn't sanitise it...

Jaap Marcus marked this as fixed in 1.5.10 with commit 640f82 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

Jamie Slome

commented 2 years ago

Admin

CVE published! 🎉

to join this conversation