klask-io

vulnerability xss on klask-io through "search"
severity 6.3
language java
registry other

✍️ Description

The klask-io project is vulnerable to a reflected XSS in its search functionality. The "search" parameter carried in the URL fragment (#/?...&search=...) is reflected into the search result page without sanitization or output encoding, allowing HTML injection and, consequently, XSS.

🕵️‍♂️ Proof of Concept

  1. Install the software from GitHub @ https://github.com/klask-io/klask-io (I used the Docker installation)
  2. Open http://172.17.0.2:8080//#/?sort=_score,desc&search=testfr%22%3E%3Cimg/src=%22X%22/onerror=alert(document.domain)%3E
  3. The XSS is triggered!
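The following is an added example, not code from klask-io, showing why the "search" value from the proof-of-concept URL becomes executable markup and how contextual output encoding keeps it inert. It assumes the application reads the term from an Angular-style hash route ("#/?sort=...&search=...") and echoes it back into the result page; the function names (parseFragmentQuery, renderUnsafe, renderSafe) are hypothetical.

```javascript
// Added example (not klask-io code). Assumption: the app takes the "search"
// value from a hash route such as "#/?sort=...&search=..." and echoes it into
// the search result page. This contrasts the unsafe reflection with the
// encoded version.

// The five characters that must be encoded in HTML text and attribute contexts.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Contextual output encoding for HTML text and double-quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Extract the query part of a hash route ("#/?a=1&b=2"). URLSearchParams
// percent-decodes each value, mirroring what the application receives
// after the browser has decoded the fragment.
function parseFragmentQuery(fragment) {
  const idx = fragment.indexOf("?");
  if (idx === -1) return new URLSearchParams();
  return new URLSearchParams(fragment.slice(idx + 1));
}

// Unsafe rendering: the decoded term is concatenated straight into markup.
// This is the pattern that produces the reflected XSS described in the report.
function renderUnsafe(term) {
  return `<h2>Results for "${term}"</h2>`;
}

// Safe rendering: the term is encoded for the HTML context it lands in, so
// the browser displays it as text instead of parsing it as an element.
function renderSafe(term) {
  return `<h2>Results for "${escapeHtml(term)}"</h2>`;
}

// Constructed input: the fragment of the proof-of-concept URL from the report.
const POC_FRAGMENT =
  "#/?sort=_score,desc&search=testfr%22%3E%3Cimg/src=%22X%22/onerror=alert(document.domain)%3E";

const searchTerm = parseFragmentQuery(POC_FRAGMENT).get("search");
console.log("unsafe:", renderUnsafe(searchTerm)); // contains a live <img> tag
console.log("safe:  ", renderSafe(searchTerm));   // contains only &lt;img ... &gt; text
```

Escaping at the point of insertion (or assigning the term via textContent / Angular's default interpolation rather than innerHTML / bypassSecurityTrust*) is the fix; validating the input alone is not sufficient, since the term is legitimately allowed to contain quotes and angle brackets.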

💥 Impact

This vulnerability allows an attacker to inject malicious HTML/JS into the page through a maliciously crafted URL. Such a URL can then be spammed on a forum or sent to a victim through targeted phishing, giving the injected script access to the page's DOM.

References