Reflected XSS in rtxteam/rtx

Valid

Reported on

Apr 29th 2022


Description

Hello team, I found a reflected XSS in /rtxcomplete/nodeslike via the callback parameter.

Proof of Concept

https://arax.rtx.ai/rtxcomplete/nodeslike?_=1651210002052&callback=%3CScRiPt%20%3Ealert(document.domain)%3C/ScRiPt%3E&limit=15&word=1

Impact

Steal User Cookie or redirect to malicious sites
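
The report does not show how the endpoint was fixed. As an added example (not code from rtxteam/rtx or from the researcher), one common mitigation for a reflected `callback` parameter is to allow-list the callback name and serve the response as JavaScript rather than HTML. The function names, the 400 response and the benign sample values are assumptions.

```python
import json
import re
from urllib.parse import parse_qs

# Allow-list for JSONP callback names: a JavaScript identifier, optionally
# dotted (e.g. jQuery111_123 or app.cb), with a length cap.
_CALLBACK_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*")
_MAX_CALLBACK_LEN = 64

# Query string taken from the proof-of-concept URL in the report.
POC_QUERY = ("_=1651210002052&callback=%3CScRiPt%20%3Ealert(document.domain)"
             "%3C/ScRiPt%3E&limit=15&word=1")
# Constructed benign request, shaped like a jQuery JSONP call.
BENIGN_QUERY = "_=1651210002052&callback=jQuery1111_1651210002052&limit=15&word=1"


def is_safe_callback(name):
    """True only for short, identifier-like callback names."""
    return (isinstance(name, str)
            and 0 < len(name) <= _MAX_CALLBACK_LEN
            and _CALLBACK_RE.fullmatch(name) is not None)


def jsonp_response(query_string, payload):
    """Build (status, headers, body) for a JSONP-style endpoint (hypothetical helper)."""
    callbacks = parse_qs(query_string, keep_blank_values=True).get("callback", [])
    # nosniff stops browsers from reinterpreting the body as HTML.
    headers = {"X-Content-Type-Options": "nosniff"}
    # Escape "<" so data can never close or open a tag if the body is ever inlined.
    data = json.dumps(payload).replace("<", "\\u003c")
    if not callbacks:
        headers["Content-Type"] = "application/json; charset=utf-8"
        return 200, headers, data
    if len(callbacks) != 1 or not is_safe_callback(callbacks[0]):
        # Reject without echoing the supplied value back to the client.
        headers["Content-Type"] = "text/plain; charset=utf-8"
        return 400, headers, "invalid callback"
    headers["Content-Type"] = "application/javascript; charset=utf-8"
    return 200, headers, "%s(%s);" % (callbacks[0], data)


if __name__ == "__main__":
    for query in (POC_QUERY, BENIGN_QUERY):
        print(jsonp_response(query, ["example node"]))
```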

We are processing your report and will contact the rtxteam/rtx team within 24 hours. 2 months ago
We have contacted a member of the rtxteam/rtx team and are waiting to hear back 2 months ago
We have sent a follow up to the rtxteam/rtx team. We will try again in 7 days. 2 months ago
rtxteam/rtx maintainer
2 months ago

Maintainer


Thank you, I am filing a bug report about this with our team.

0xRaw
2 months ago

Researcher


Thank you for the fast response, highly appreciated.

We have sent a second follow up to the rtxteam/rtx team. We will try again in 10 days. 2 months ago
rtxteam/rtx maintainer
2 months ago

Maintainer


Hi 0xRaw, my team reports that they have figured out how to fix the issue and they are testing it out. Thank you for your patience. We will advise when the fix is committed to GitHub and deployed into production. We have opted not to track this in our public issue repository (but rather are tracking it in our private Slack workspace) since it is a security vulnerability in a public-facing system. Thanks again for reporting this to us. We will be in touch with an update within the next week.

rtxteam/rtx maintainer validated this vulnerability a month ago
0xRaw has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
rtxteam/rtx maintainer confirmed that a fix has been merged on 9bb109 a month ago
The fix bounty has been dropped
0xRaw
a month ago

Researcher


Hello, thanks for the quick fix. Can I have a CVE for this finding?

Kind Regards, Rawi.

rtxteam/rtx maintainer
a month ago

Maintainer


Hi 0xRaw, sure, can you please tell me how I can provide you the CVE? I am not so experienced with using the huntr.dev site. Thanks.

0xRaw
a month ago

Researcher


Hey, I'm not that expert either, but from what I saw in previous reports, the user should request the CVE and the maintainer should reply with a yes or no; based on the maintainer's answer, the CVE will be issued or not. BTW, I sent this report to an admin; he will provide the CVE, since you agreed.

Kind Regards, Rawi.

Jamie Slome
a month ago

Admin


Sorted 👍

rtxteam/rtx maintainer
a month ago

Maintainer


Thank you Jamie.
