Cross-site Scripting (XSS) - Stored in siwapp/siwapp

Valid

Reported on

Oct 11th 2021

Description

Stored Cross-Site Scripting (XSS) vulnerability due to the lack of content validation and output encoding. This vulnerability can be exploited by uploading a crafted payload inside a document. Then, the vulnerability can be triggered when the user previews the document´s content.

Proof of Concept

https://drive.google.com/file/d/1CwdnTS6-8QeKL1z9gMe5Gi47RDshs9g1/view?usp=sharing

https://drive.google.com/file/d/19feUEHz0m0KJeOMJerizZ_IUUfYYa112/view?usp=sharing

Payload

injection point Invoicing address "><img src=x onerror=confirm(1)>

Impact

Stored XSS generally occurs when user input is stored on the target server, such as in a database, in a message forum, visitor log, comment field, etc. And then a victim is able to retrieve the stored data from the web application without that data being made safe to render in the browser.

Occurrences

create_spec.rb L1-L27

References

https://owasp.org/www-community/Types_of_Cross-Site_Scripting

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 years ago

We have contacted a member of the siwapp team and are waiting to hear back 2 years ago

A siwapp/siwapp maintainer validated this vulnerability 2 years ago

Raptor has been awarded the disclosure bounty

The fix bounty is now up for grabs

A siwapp/siwapp maintainer marked this as fixed with commit 924d16 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

create_spec.rb#L1-L27 has been validated

to join this conversation