Cross-site Scripting (XSS) - Reflected in cortezaproject/corteza-server

Valid

Reported on

Feb 11th 2022


Description

The logout function doesn't clean/filter the value of the "back" parameter before reflecting it into the HTML code, leading to a Reflected XSS vulnerability.

Proof of Concept

Visit URL: https://latest.cortezaproject.org/auth/logout?back=%22%3E%3Cscript%3Ealert(origin)%3C/script%3E%3C%22

PoC: https://drive.google.com/file/d/13LU2PhHgD9_82gSxKwoo3266YdpMxWlD/view?usp=sharing

Impact

Reflected XSS. An attacker can steal a user's data or mount a phishing attack.
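To illustrate the defect and its remedy, here is an added Go example (not Corteza's own code; the handler, function names and the anchor markup are assumed for illustration): the unsafe variant concatenates the raw "back" value into HTML, while the hardened variant restricts "back" to a same-site relative path and HTML-escapes it before reflecting.

```go
package main

import (
	"fmt"
	"html"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// renderLogoutUnsafe mirrors the defect in the report: the raw "back" value is
// concatenated into HTML, so any markup in it is reflected verbatim.
// (Illustrative only; this is not the project's own code.)
func renderLogoutUnsafe(back string) string {
	return `<a href="` + back + `">Continue</a>`
}

// safeBack accepts only a same-site relative path (e.g. "/dashboard?x=1").
// Anything with a scheme, a host, a "//" prefix or a backslash falls back to "/".
func safeBack(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Scheme != "" || u.Host != "" ||
		!strings.HasPrefix(raw, "/") || strings.HasPrefix(raw, "//") ||
		strings.ContainsAny(raw, `\`) {
		return "/"
	}
	return u.String()
}

// renderLogoutSafe validates the redirect target and HTML-escapes it before
// placing it inside the attribute, so quotes and angle brackets become entities.
func renderLogoutSafe(back string) string {
	return `<a href="` + html.EscapeString(safeBack(back)) + `">Continue</a>`
}

func logoutHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	fmt.Fprint(w, renderLogoutSafe(r.URL.Query().Get("back")))
}

func main() {
	// Constructed request using the parameter value from the report.
	req := httptest.NewRequest("GET",
		"/auth/logout?back=%22%3E%3Cscript%3Ealert(origin)%3C/script%3E%3C%22", nil)
	rr := httptest.NewRecorder()
	logoutHandler(rr, req)
	fmt.Println(rr.Body.String()) // <a href="/">Continue</a>
}
```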

We are processing your report and will contact the cortezaproject/corteza-server team within 24 hours. 2 years ago
We have contacted a member of the cortezaproject/corteza-server team and are waiting to hear back 2 years ago
We have sent a follow up to the cortezaproject/corteza-server team. We will try again in 7 days. 2 years ago
We have sent a second follow up to the cortezaproject/corteza-server team. We will try again in 10 days. 2 years ago
Denis Arh validated this vulnerability 2 years ago
nhiephon has been awarded the disclosure bounty
The fix bounty is now up for grabs
Denis Arh marked this as fixed in 2021.9.x with commit 8c0a62 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
handle_logout.go#L25 has been validated
amammad
2 years ago

Nice catch nhiephon 👍
