Cross-site Scripting (XSS) - Stored in yogeshojha/rengine


Reported on

Aug 31st 2021

✍️ Description

Hi, When creating a template for nuclei, it is possible to upload a malicious template with xss load, clicking to see this template will run xss.

🕵️‍♂️ Proof of Concept

1- First, create the fake template:

id: poc-xss
  name: xss-storage-rengine
  author: phor3nsic
  severity: low

  - method: GET
        - "{{BaseURL}}/"

      - type: regex
          - "\\<title\\>poc\\s"
        part: body

2- Upload of this template, and click to view!

💥 Impact

It's possible leak csrftoken of the users and bypass this feature, performing csrf attack for other accounts.

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 2 years ago
Yogesh Ojha validated this vulnerability 2 years ago
Walleson Moura has been awarded the disclosure bounty
The fix bounty is now up for grabs
Yogesh Ojha
2 years ago


This is a good finding. Though the exploitability is very less likely. You'd have to convenience a user to upload a malicious nuclei template. And since we are likely to not have CSRF, the only way you could deliver the payload is probably social engineering.

Neverthless, a very good finding. This means you guys are hunting bugs literally everywhere lol :D Good job.

Patch is on its way

Yogesh Ojha marked this as fixed with commit ab89a2 2 years ago
Yogesh Ojha has been awarded the fix bounty
This vulnerability will not receive a CVE
Yogesh Ojha
2 years ago


Thank you for reporting this. I've pushed the patches. Additionally, I've also fixed XSS for Tool config input box, and GF patterns upload as well.

You may retest them and update me if you find any other instances of XSS.

Thank you again for reporting this and I very much appreciate it.

Thank you for making open source secure <3

Yogesh Ojha
2 years ago


Also, congratulations on this bounty. I look forward to many more such reports.

Walleson Moura
2 years ago


Hi, Thanks for the reward, but what makes me happy is to contribute to the tool! :)

to join this conversation