Stored XSS in application name. in autolab/autolab

Valid

Reported on

May 11th 2022


Description

Hi there, there is a stored XSS in the OAuth application name.

Proof of Concept

  1. Install a local instance of Autolab.
  2. Go to /oauth/applications and create a new application with name <img src=a onerror=alert(document.cookie)>.
  3. Click on Authorize and see that a pop-up appears with the user's cookies.

Link to POC https://drive.google.com/file/d/1r4bwjW803k_8RhNXAyRZK6Qa6hU6W9cS/view?usp=sharing

Impact

Stored XSS, cookie theft.
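
Added example, not part of the original report and not Autolab's code or its fix: a minimal Ruby sketch of the output-encoding defect class described above, with the unescaped rendering beside the escaped one and a regression check run against the report's application name. The templates, function names and the name allowlist are hypothetical.

```ruby
require "erb"

# Constructed sample: the application name used in the report's proof of concept.
POC_NAME = "<img src=a onerror=alert(document.cookie)>"

# Hypothetical authorize-page fragments, not Autolab's templates. Stdlib ERB does
# not escape by default, so UNSAFE models a view that emits the stored name as
# markup (e.g. via raw/html_safe); SAFE HTML-encodes it at output time.
UNSAFE_TEMPLATE = ERB.new("<h3>Authorize <%= name %> to use your account?</h3>")
SAFE_TEMPLATE   = ERB.new("<h3>Authorize <%= ERB::Util.html_escape(name) %> to use your account?</h3>")

def render_authorize(template, name)
  template.result_with_hash(name: name)
end

# Regression check: true if the rendered page contains any start tag other than
# the template's own <h3>, i.e. the stored name was parsed as HTML.
def injected_markup?(html)
  html.scan(/<\s*([a-zA-Z][\w-]*)/).flatten.any? { |tag| tag.downcase != "h3" }
end

# Defence in depth at write time (assumed policy): allowlist of name characters.
def valid_app_name?(name)
  name.match?(/\A[\w .\-]{1,64}\z/)
end

if __FILE__ == $PROGRAM_NAME
  { "unsafe" => UNSAFE_TEMPLATE, "safe" => SAFE_TEMPLATE }.each do |label, tpl|
    html = render_authorize(tpl, POC_NAME)
    puts "#{label}: injected_markup=#{injected_markup?(html)} #{html}"
  end
  puts "name accepted at write time: #{valid_app_name?(POC_NAME)}"
end
```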

We are processing your report and will contact the autolab team within 24 hours. (a year ago)
We have contacted a member of the autolab team and are waiting to hear back. (a year ago)
Joey Wildman modified the Severity from Critical to Low. (a year ago)
The researcher has received a minor penalty to their credibility for miscalculating the severity: -1
Joey Wildman validated this vulnerability. (a year ago)

We have verified this issue and are working on a fix.

justinp09010 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Damian Ho marked this as fixed in 2.8.0 with commit a0a241. (a year ago)
Damian Ho has been awarded the fix bounty
This vulnerability will not receive a CVE