HTML Injection in Contributors in squidex/squidex

Valid

Reported on

Feb 4th 2023


Description

HTML injection in Contributors: it only needs an HTML payload in the Display Name, which then fires in the Contributors list.

Proof of Concept

1. Log in to Squidex.
2. Create an app with a random name.
3. Go to Edit Profile, then edit the user's display name with the HTML payload = <h1>Sanket_722</h1>
4. Go to https://localhost/app/{App/Random Name}/settings/contributors

For a full understanding, check the PoC: https://drive.google.com/file/d/1W8KdHgQKBRvRDKbNnPvrv9fYWItI9gQa/view?usp=sharing

// PoC.js
var payload = "<h1>Sanket_722</h1>";

Impact

Insert HTML characters into the Contributors list and change the response with special characters.
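
The rendering flaw described in this report, as an added example that is not part of the original report and is not Squidex source code: a hypothetical contributors-list renderer, shown once with the display name concatenated into markup and once with output encoding, plus a regression check that flags tags the template never emits. All function names and the sample data are assumptions; the payload string is the one from the report.

```javascript
// Added example: hypothetical renderer, not Squidex source code.
// Constructed sample data; the second display name is the payload from the report.
const contributors = [
  { displayName: "Alice Example", role: "Owner" },
  { displayName: "<h1>Sanket_722</h1>", role: "Editor" },
];

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: user-controlled text concatenated straight into markup.
function renderContributorsUnsafe(list) {
  const rows = list.map((c) => `<tr><td>${c.displayName}</td><td>${c.role}</td></tr>`);
  return `<table>${rows.join("")}</table>`;
}

// Hardened pattern: every user-controlled field is encoded at output time.
function renderContributorsSafe(list) {
  const rows = list.map(
    (c) => `<tr><td>${escapeHtml(c.displayName)}</td><td>${escapeHtml(c.role)}</td></tr>`
  );
  return `<table>${rows.join("")}</table>`;
}

// Regression check: list tag names in the output that the template itself never emits.
function unexpectedTags(html, allowed = ["table", "tr", "td"]) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9-]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!allowed.includes(tag)) found.add(tag);
  }
  return [...found];
}

// The unsafe renderer lets the display name introduce an <h1>; the safe one does not.
console.log("unsafe:", unexpectedTags(renderContributorsUnsafe(contributors)));
console.log("safe:  ", unexpectedTags(renderContributorsSafe(contributors)));
```
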

We are processing your report and will contact the squidex team within 24 hours. 8 months ago
We have contacted a member of the squidex team and are waiting to hear back 8 months ago
Sebastian Stehle validated this vulnerability 8 months ago
Sanket Salavi has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Sanket Salavi
8 months ago

Researcher


Can I get a CVE for this? Thanks in advance!

Sanket Salavi
6 months ago

Researcher


Any updates?

Sebastian Stehle marked this as fixed in 7.4.0 with commit 2aca76 2 months ago
Sebastian Stehle has been awarded the fix bounty
This vulnerability has been assigned a CVE
Sebastian Stehle published this vulnerability 2 months ago