Reflected XSS in installation space parameter in cockpit-hq/cockpit

Valid

Reported on

Aug 19th 2023


Description

Cross-Site Scripting (XSS) is a type of security vulnerability that occurs when an attacker injects malicious code, usually in the form of scripts, into a web application. This code is then executed by unsuspecting users who visit the affected web page. In this case, the path ./install/index.php?space=XSS is vulnerable to this attack; line 59 takes input without any validation.

I should mention that local file enumeration is also possible using the error "<FILE> does not exist"; if the file does exist, we don't get any error.

Proof of Concept

install/index.php?1692443074&space=../index.phv"><img%20src=1%20onerror=alert(1)>

Screenshot of XSS: https://wormhole.app/YXAjY#4tugWnQRULX2djrg_d-nAQ

Impact

An attacker could execute JavaScript in the victim's browser.
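A hardened way to handle such a parameter, as an added example that is not part of the original report, not Cockpit's install/index.php and not the fix shipped in 2.6.4. It assumes the installer maps `space` to a directory under a storage root; `SPACES_ROOT`, `validSpaceName`, `e` and `spaceError` are hypothetical names.

```php
<?php
// Added illustration, not Cockpit's code and not the 2.6.4 fix.
// Assumption: ?space=<name> selects a directory below a storage root and
// the installer reports an error when that directory is missing.

const SPACES_ROOT = __DIR__ . '/.spaces';   // hypothetical location

/** Return the space name if it is a plain identifier, otherwise null. */
function validSpaceName(mixed $raw): ?string
{
    // Reject arrays (?space[]=x) and anything that is not a short slug.
    // No dots, slashes, quotes or angle brackets can pass this pattern.
    if (!is_string($raw) || !preg_match('/\A[a-z0-9_-]{1,64}\z/i', $raw)) {
        return null;
    }
    return $raw;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the installer's error message for a request, or null if fine. */
function spaceError(array $query, string $root = SPACES_ROOT): ?string
{
    if (!array_key_exists('space', $query)) {
        return null;                        // default installation
    }
    $space = validSpaceName($query['space']);
    // Same message for "invalid name" and "no such directory", so the
    // response does not reveal which paths exist on disk.
    if ($space === null || !is_dir($root . '/' . $space)) {
        return 'The requested space is not available.';
    }
    return null;
}

// Constructed sample input modelled on the report's proof of concept.
$sample = ['space' => '../index.phv"><img src=1 onerror=alert(1)>'];
echo e(spaceError($sample) ?? 'ok'), PHP_EOL;
// Where a message must include the name, encode it at output time.
echo 'Space: ', e((string) $sample['space']), PHP_EOL;
```

The allow-list check addresses the path traversal and the file-existence oracle, while output encoding addresses the script injection; each control covers a case the other does not.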

We are processing your report and will contact the cockpit-hq/cockpit team within 24 hours. a month ago
We have contacted a member of the cockpit-hq/cockpit team and are waiting to hear back a month ago
cockpit-hq/cockpit maintainer has acknowledged this report a month ago
Artur validated this vulnerability a month ago
10Xdev has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Artur marked this as fixed in 2.6.4 with commit 306094 a month ago
Artur has been awarded the fix bounty
This vulnerability has been assigned a CVE
Artur published this vulnerability a month ago
10Xdev
a month ago

Researcher


Thank you so much.
