When creating/editing a module we can edit main.vue, which leads to stored XSS and also the potential to interact with the WebSocket using a valid origin.
Potential impact: a low-privilege user can affect a high-privilege one
Steps to Reproduce
1. Create/edit a module
2. Edit main.vue and add, for example, alert("xss") in the script block
3. Open the module and the browser will render this main.vue
4. Get the XSS alert, or interact with the WebSocket using the Cross-Site WebSocket Hijacking bug
Place where the origin check is not implemented => CSWSH
By exploiting the XSS we can interact with the WS server using a valid origin, so it is better to use a CSRF token to prevent these situations
Screenshots, screen recording, code snippet
Get XSS alert
Environment information
module version: 1.0.1
Which agent binary used?
darwin-amd64
linux-386
linux-amd64
windows-386
windows-amd64