Reflected Cross-site Scripting (XSS) Vulnerability in hestiacp/hestiacp

Valid

Reported on

Mar 9th 2022


Description

hestiacp is vulnerable to Reflected XSS in the Hostname field within Basic Options of the function "Configure Server" in Hestia Control Panel

Proof of Concept

(1) Access https://demo.hestiacp.com:8083/edit/server/

(2) Click "Configure"

(3) Click Basic Options

(4) Enter below as payload in the hostname field and click save

"><img src=x onerror=alert(document.domain)>

An attacker-controlled alert box should appear before the error box from the server.


Impact

This vulnerability could let an attacker steal a user's cookie and gain unauthorized access to that user's account with the stolen cookie.
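As an added example (not code from this report or from HestiaCP), the following JavaScript shows why the payload in the proof of concept works: the hostname is reflected inside an HTML attribute value, so an unescaped double quote closes the attribute, `>` closes the tag, and the rest of the input becomes a new `<img>` element with an event handler. The same input rendered through an attribute-context escaper stays inert. The field name `v_hostname`, the escaper, and the hostname check are assumptions for illustration, not HestiaCP's implementation.

```javascript
// Added example, not HestiaCP code. Field name "v_hostname" is an assumption.
const PAYLOAD = '"><img src=x onerror=alert(document.domain)>'; // payload from the report

// Minimal HTML escaper, equivalent to PHP htmlspecialchars($s, ENT_QUOTES):
// encodes the five characters that can change meaning in text or attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#039;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable rendering: hostname interpolated verbatim into a quoted attribute.
function renderHostnameFieldVulnerable(hostname) {
  return `<input type="text" name="v_hostname" value="${hostname}">`;
}

// Hardened rendering: hostname escaped for the attribute context before output.
function renderHostnameFieldSafe(hostname) {
  return `<input type="text" name="v_hostname" value="${escapeHtml(hostname)}">`;
}

// Naive start-tag scanner, enough to show how the browser tokenizer sees the
// markup: returns the element names found in the string in order.
function tagNames(html) {
  return [...html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
}

// Defence in depth: a hostname field should only ever accept a hostname
// (RFC 1123 labels joined by dots), so reject anything else before it is stored.
function isValidHostname(value) {
  return /^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$/i
    .test(value);
}

// True when the rendered field contains exactly the one element we wrote,
// i.e. the input did not break out of the attribute.
function reflectsSafely(render, hostname) {
  return tagNames(render(hostname)).length === 1;
}

// Stand-alone demonstration with the report's payload.
console.log(renderHostnameFieldVulnerable(PAYLOAD)); // input tag followed by an injected img tag
console.log(renderHostnameFieldSafe(PAYLOAD));       // single input tag, payload inert in value=""
console.log('vulnerable safe?', reflectsSafely(renderHostnameFieldVulnerable, PAYLOAD)); // false
console.log('hardened safe?', reflectsSafely(renderHostnameFieldSafe, PAYLOAD));        // true
console.log('valid hostname?', isValidHostname(PAYLOAD));                               // false
```

Output escaping is the fix for the reflection itself; the hostname validator is a second, independent layer so that a value which cannot be a hostname never reaches the template in the first place. The maintainer's later point about cookies is a separate mitigation: HttpOnly session cookies limit what an injected script can read, but they do not stop it from acting on the panel as the logged-in user.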

We are processing your report and will contact the hestiacp team within 24 hours. a year ago
James Yeung modified the report
a year ago
James Yeung
a year ago

Researcher


Modified the report for another function that is vulnerable to Reflected XSS; the originally reported one is now fixed.

James Yeung modified the report
a year ago
We have contacted a member of the hestiacp team and are waiting to hear back a year ago
We have sent a follow up to the hestiacp team. We will try again in 7 days. a year ago
James Yeung modified the report
a year ago
Jaap Marcus modified the report
a year ago
Jaap Marcus validated this vulnerability a year ago
James Yeung has been awarded the disclosure bounty
The fix bounty is now up for grabs
James Yeung
a year ago

Researcher


@maintainer @admin May I have CVE assigned for this case?

Jaap Marcus
a year ago

Maintainer


The XSS vulnerability is indeed successfully executed; however, document.cookie doesn't contain any private data such as the session ID or "access" cookies.

Session cookies are always managed via our own "php-fpm" install, as it is always supposed to run on port 8083.
https://github.com/hestiacp/hestiacp/blob/fd42196718a6fa7fe17b37fab0933d3cbcb3db0d/src/deb/php/php-fpm.conf#L36-L37

Jamie Slome
a year ago

Admin


Before assigning a CVE, we do require the 👍 from the maintainer.

Jaap Marcus
a year ago

Maintainer


@admin please go ahead

Jamie Slome
a year ago

Admin


Sorted! ♥️

CVE-2022-0986 - please ping me once this is ready to be published + fixed 👍

Jaap Marcus marked this as fixed in 1.5.11 with commit fd4219 a year ago
Jaap Marcus has been awarded the fix bounty
This vulnerability will not receive a CVE
Jamie Slome
a year ago

Admin


CVE published! 🎊 It should be available in the MITRE/NVD databases shortly.
