Cross-site Scripting (XSS) - Stored in hestiacp/hestiacp

Valid

Reported on

Aug 19th 2023


Description

1. Go to Server Settings ==> choose Configure.
2. Continue to Backup ==> Remote Backup.
3. Inject the payload into the fields host, port, username, ... The value is stored and rendered back into the settings form without escaping, so it executes whenever that page is opened.
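The mechanism behind the steps above, as an added example that is not code from the report or from HestiaCP (whose web UI is PHP): the payload `"><img src=x onerror=alert(1)` closes the `value="..."` attribute the stored setting is rendered into, so the browser parses a second tag. The example shows the unescaped rendering beside the attribute-escaped one, and a server-side validator for the host, port and username fields as defense in depth. The field names, the render functions, the hostname/username patterns and the sample values are assumptions constructed for the demo, not HestiaCP's own code or the fix in the referenced commit.

```python
import html
import re

# Constructed sample values (not from the report's PoC video).
BENIGN_HOST = "backup.example.org"
# The payload from the report: breaks out of a double-quoted attribute.
PAYLOAD = '"><img src=x onerror=alert(1)'


def render_field_unsafe(name, value):
    """Vulnerable pattern: a stored setting interpolated straight into an
    HTML attribute. A value containing '">' ends the attribute and the tag."""
    return f'<input type="text" name="{name}" value="{value}">'


def render_field_safe(name, value):
    """Hardened pattern: escape for attribute context. quote=True turns both
    '"' and "'" into entities, so the value cannot close the attribute."""
    return f'<input type="text" name="{name}" value="{html.escape(value, quote=True)}">'


# Rough start-tag matcher used only to count what a browser would see as tags.
TAG_RE = re.compile(r"<[a-zA-Z][^>]*>")


def count_tags(fragment):
    """Number of start tags in the fragment; exactly one means the input tag
    survived intact and no payload broke out of it."""
    return len(TAG_RE.findall(fragment))


# Assumed patterns: RFC 1123-style hostname labels and a POSIX-style username.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)"
    r"(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?\.)*"
    r"[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?$"
)
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def validate_remote_backup(host, port, username):
    """Server-side allowlist check for the remote-backup form. Returns the
    names of the fields that fail, empty when everything is acceptable.
    Output escaping is still required; this only rejects junk early."""
    errors = []
    if not HOSTNAME_RE.match(host):
        errors.append("host")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        errors.append("port")
    if not USERNAME_RE.match(username):
        errors.append("username")
    return errors


if __name__ == "__main__":
    for label, render in (("unsafe", render_field_unsafe), ("safe", render_field_safe)):
        out = render("host", PAYLOAD)
        print(f"{label}: {count_tags(out)} tag(s): {out}")
    print("validation:", validate_remote_backup(PAYLOAD, "22", "backup"))
```

Escaping must be applied at output time for the attribute context in use; the validator alone would not have stopped the username field if the username pattern were looser, which is why the two checks are layered rather than alternatives.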

Proof of Concept

PoC link: https://drive.google.com/file/d/1DcCMP9lT93HYNO3RzGllCV_u3Mgk7yfK/view?usp=sharing

Payload

payload = "><img src=x onerror=alert(1)

Impact

Stored XSS vulnerabilities can lead to data theft, account compromise, and the distribution of malware. Because the injected script is saved server-side, it runs in the browser of every user who later views the affected page, allowing an attacker to steal sensitive information or hijack user sessions. Stored XSS can also result in website defacement and content manipulation, causing reputational damage, and can serve as a platform for phishing attacks that trick users into revealing their credentials or other sensitive data.

We are processing your report and will contact the hestiacp team within 24 hours. a month ago
nam-no modified the report
a month ago
We have contacted a member of the hestiacp team and are waiting to hear back a month ago
Jaap Marcus modified the Severity from High (8.8) to Low (3.2) a month ago
nam-no
a month ago

Researcher


@maintainer Hi, can you please specify a CVE for this vulnerability. It's necessary for my work

The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Jaap Marcus validated this vulnerability a month ago
nam-no has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Jaap Marcus marked this as fixed in 1.8.6 with commit d30e3e a month ago
Jaap Marcus has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Aug 25th 2023
nam-no
a month ago

Researcher


Thank you for responding.

Jaap Marcus published this vulnerability a month ago