Skip to content

[SECURITY] - Stored Cross-site Scripting while deleting a scan engine in the Scan Engine deletion confirmation modal box! #460

New issue
New issue
Closed
Closed
[SECURITY] - Stored Cross-site Scripting while deleting a scan engine in the Scan Engine deletion confirmation modal box!#460
Labels
SecuritySecurity related issuesWork in ProgressWorking
@TheBinitGhimire

Description

@TheBinitGhimire
TheBinitGhimire
opened on Aug 20, 2021

Issue Summary

In reNgine v1.0, there is Stored Cross-site Scripting while deleting a Scan Engine in the Scan Engine deletion confirmation modal box!

Steps to Reproduce

  1. Visit your reNgine instance, and login to your account.
  2. Head over to the /scanEngine/ endpoint.
  3. Click on "Add New Engine" and write <img src=binit onerror=alert(document.location)> in the Engine name field.
  4. Now, click on the "Add Engine" button to save the changes.
  5. Click on the cross icon under the Action column, which is used for deleting the scan engine.

You will notice that, while displaying "Are you sure you want to delete {Scan_Engine_Name}?", it will render our Scan Engine Name as it is without performing any sort of sanitization, which results in our JavaScript code inside the XSS payload being executed.

This is how this vulnerability can be reproduced.

Stored Cross-site Scripting while deleting a scan engine in the Scan Engine deletion confirmation modal box!

  • I have confirmed that this issue can be reproduced as described on a latest version/pull of reNgine: yes

Technical details

  • Debian 4.19.181-1

Metadata

Metadata

Assignees

No one assigned

    Labels

    SecuritySecurity related issuesWork in ProgressWorking

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions