Cross-site Scripting (XSS) - Stored in yogeshojha/rengine


Reported on

Aug 31st 2021

✍️ Description

Hi. When creating a template for nuclei, it is possible to upload a malicious template with an XSS payload; clicking to view this template will run the XSS.

🕵️‍♂️ Proof of Concept

1- First, create the fake template:

# nuclei template layout: the info, requests, path, matchers and regex keys
# follow the nuclei template schema; the text fields (id, name, author) are
# stored verbatim by reNgine and rendered back when the template is viewed
id: poc-xss

info:
  name: xss-storage-rengine
  author: phor3nsic
  severity: low

requests:
  - method: GET
    path:
      - "{{BaseURL}}/"

    matchers:
      - type: regex
        regex:
          - "\\<title\\>poc\\s"
        part: body

2- Upload this template, and click to view it!

💥 Impact

It's possible to leak users' csrftoken and bypass this protection, performing CSRF attacks against other accounts.
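The following is an added example, not code from the reporter or from reNgine itself, that models the bug class above in plain Python: a "view template" page that echoes the stored file into HTML unescaped, the same page with output encoding applied, and a small HTML-parser based check that can serve as a regression test for any view that echoes uploaded text. The function names, the `SAMPLE_TEMPLATE` contents and the `fetch(...)` payload are constructed for this illustration and are not the reporter's payload.

```python
"""
Added example (not reNgine's own code): a stored XSS in a template viewer
and the output-encoding fix.  render_template_view_vulnerable,
render_template_view_fixed, active_content and SAMPLE_TEMPLATE are
names assumed for this illustration; the payload is constructed.
"""
import html
from html.parser import HTMLParser

# Constructed nuclei-style template whose `name` field carries markup.
# The upload handler stores it verbatim; it only becomes dangerous when
# a viewer page echoes it into HTML without escaping.
SAMPLE_TEMPLATE = """id: poc-xss

info:
  name: "<script>fetch('/attacker?c='+document.cookie)</script>"
  author: phor3nsic
  severity: low
"""


def render_template_view_vulnerable(template_text: str) -> str:
    """Viewer page that interpolates the stored file into HTML as-is.
    A <script> tag or event-handler attribute inside the file runs in
    the viewer's origin, with access to that user's cookies and DOM."""
    return ("<html><body><h1>Template</h1><pre>"
            + template_text
            + "</pre></body></html>")


def render_template_view_fixed(template_text: str) -> str:
    """Same page with HTML output encoding: html.escape turns <, >, &
    and quotes into entities, so the browser shows the payload as text.
    This is what Django autoescaping does for {{ var }}; the vulnerable
    form corresponds to |safe, mark_safe() or building HTML by hand."""
    return ("<html><body><h1>Template</h1><pre>"
            + html.escape(template_text, quote=True)
            + "</pre></body></html>")


class _ActiveContentFinder(HTMLParser):
    """Collects tags and attributes that would execute script."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(tag)
        for name, value in attrs:
            lname = name.lower()
            if lname.startswith("on"):
                self.findings.append(f"{tag}@{lname}")
            if lname in ("href", "src") and value \
                    and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"{tag}@{lname}=javascript:")


def active_content(rendered_html: str) -> list:
    """Return executable markup found in a rendered page.  An empty list
    means the page contains no script tag, on* handler or javascript:
    URL, i.e. the stored text was rendered as data, not as markup."""
    finder = _ActiveContentFinder()
    finder.feed(rendered_html)
    return finder.findings


if __name__ == "__main__":
    print(active_content(render_template_view_vulnerable(SAMPLE_TEMPLATE)))  # ['script']
    print(active_content(render_template_view_fixed(SAMPLE_TEMPLATE)))       # []
```

The check looks at what the browser would parse, not at the raw upload, which is the right place to test: an upload filter can be bypassed by alternate encodings, while escaping at the point of output in each HTML context is what actually closes the bug (the fix also has to be repeated for every other view that echoes user-supplied text, as the maintainer's follow-up on the tool config box and GF pattern upload shows).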

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 10 months ago
Yogesh Ojha validated this vulnerability 10 months ago
Walleson Moura has been awarded the disclosure bounty
The fix bounty is now up for grabs
Yogesh Ojha
10 months ago


This is a good finding, though exploitation is very unlikely. You'd have to convince a user to upload a malicious nuclei template. And since we are unlikely to have CSRF, the only way you could deliver the payload is probably social engineering.

Nevertheless, a very good finding. This means you guys are hunting bugs literally everywhere lol :D Good job.

Patch is on its way

Yogesh Ojha confirmed that a fix has been merged on ab89a2 10 months ago
Yogesh Ojha has been awarded the fix bounty
Yogesh Ojha
10 months ago


Thank you for reporting this. I've pushed the patches. Additionally, I've also fixed XSS for the Tool config input box and the GF patterns upload as well.

You may retest them and update me if you find any other instances of XSS.

Thank you again for reporting this and I very much appreciate it.

Thank you for making open source secure <3

Yogesh Ojha
10 months ago


Also, congratulations on this bounty. I look forward to many more such reports.

Walleson Moura
10 months ago


Hi, Thanks for the reward, but what makes me happy is to contribute to the tool! :)
