Cross-site Scripting (XSS) - Stored in patrowl/patrowlmanager

Valid

Reported on

Dec 8th 2021

Description

PatrOwl is vulnerable to stored XSS in asset group name. The payload will be triggered when someone try to delete the asset group.

Proof of Concept

https://drive.google.com/file/d/1F7m9g7s6xp-L5Q_Ky5ACOvndWAj8g20s/view?usp=sharing

Impact

This vulnerability permit to an authenticate user to execute JavaScript on other users Web Browser.

References

https://owasp.org/www-community/attacks/xss/

We are processing your report and will contact the patrowl/patrowlmanager team within 24 hours. 2 years ago

We have contacted a member of the patrowl/patrowlmanager team and are waiting to hear back 2 years ago

A patrowl/patrowlmanager maintainer validated this vulnerability 2 years ago

M0rphling has been awarded the disclosure bounty

The fix bounty is now up for grabs

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Hi there ! Thank you for the report ! We fix it ASAP

A patrowl/patrowlmanager maintainer marked this as fixed in 1.7.6 with commit 8526f8 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Fix has been released ! Could please have a quick check on changes ? Thanks !

M0rphling

commented 2 years ago

Researcher

Hi there, I pulled the latest code from master branch and still can see payload executed there.

https://drive.google.com/file/d/1udcYmCKArJk7acwYdO2sOzmhX3fXUhTx/view?usp=sharing

M0rphling

commented 2 years ago

Researcher

Hi thre, sorry after rebuilding the docker images, the XSS is gone. I confirm that this issue has been fixed.

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Great :D

to join this conversation

We are processing your report and will contact the patrowl/patrowlmanager team within 24 hours. 2 years ago

We have contacted a member of the patrowl/patrowlmanager team and are waiting to hear back 2 years ago

A patrowl/patrowlmanager maintainer validated this vulnerability 2 years ago

M0rphling has been awarded the disclosure bounty

The fix bounty is now up for grabs

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Hi there ! Thank you for the report ! We fix it ASAP

A patrowl/patrowlmanager maintainer marked this as fixed in 1.7.6 with commit 8526f8 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Fix has been released ! Could please have a quick check on changes ? Thanks !

M0rphling

commented 2 years ago

Researcher

Hi there, I pulled the latest code from master branch and still can see payload executed there.

https://drive.google.com/file/d/1udcYmCKArJk7acwYdO2sOzmhX3fXUhTx/view?usp=sharing

M0rphling

commented 2 years ago

Researcher

Hi thre, sorry after rebuilding the docker images, the XSS is gone. I confirm that this issue has been fixed.

A patrowl/patrowlmanager maintainer

commented 2 years ago

Maintainer

Great :D

to join this conversation