Cross-site Scripting (XSS) - Reflected in ptrofimov/beanstalk_console
Valid
Reported on Jan 31st 2022
Description
Beanstalk Console is vulnerable to reflected Cross-Site Scripting via the server parameter.
Steps to reproduce
Set up the Beanstalk console locally.
Go to https://localhost/public/? and add a random server.
Visit https://localhost/public/?server=%3Cimg%20src=x%20onerror=alert(document.domain)%3E
An alert pops up with the domain name, confirming the reflected XSS.
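The report identifies the sink as a `server` query parameter echoed into the page and points the fix at include.php. The following is an added illustration of that pattern next to its output-encoded form; it is example code, not the project's include.php, and the render functions, the surrounding markup and the host:port validation are assumptions (only the parameter name and the payload come from the report).

```php
<?php
// Added illustration, not the project's include.php. The parameter
// name "server" and the payload are from the report; the render
// functions, markup and validation rule are assumptions.

// Vulnerable pattern: the query parameter is concatenated into HTML
// unchanged, so a value such as <img src=x onerror=...> is parsed
// by the browser as live markup rather than shown as text.
function render_server_vulnerable(array $get): string
{
    $server = $get['server'] ?? '';
    return '<span class="server">' . $server . '</span>';
}

// Fix: encode for the HTML context the value lands in. ENT_QUOTES also
// encodes single quotes, so the same helper stays safe inside quoted
// attribute values; ENT_SUBSTITUTE avoids returning '' on bad UTF-8.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_server_fixed(array $get): string
{
    $server = $get['server'] ?? '';
    return '<span class="server">' . h($server) . '</span>';
}

// Defence in depth (assumed rule): a beanstalkd server is a host with
// an optional port, so anything else can be rejected before it is
// rendered or used to open a connection.
function is_valid_server(string $server): bool
{
    return (bool) preg_match('/^[A-Za-z0-9.\-]{1,253}(:\d{1,5})?$/', $server);
}

// Run with the URL-decoded payload from the report to compare outputs.
$payload = ['server' => '<img src=x onerror=alert(document.domain)>'];
echo render_server_vulnerable($payload), PHP_EOL;
echo render_server_fixed($payload), PHP_EOL;
var_dump(is_valid_server('127.0.0.1:11300'));
var_dump(is_valid_server($payload['server']));
```

Both the encoded output and the rejected input are visible when the script is run from the command line, which makes the difference between the two render functions easy to confirm in a regression test.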
Occurrences
We are processing your report and will contact the ptrofimov/beanstalk_console team within 24 hours.
a year ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md
a year ago
We have contacted a member of the ptrofimov/beanstalk_console team and are waiting to hear back
a year ago
I am a collaborator on the repo, and I am now checking the details.
a year ago
Do let me know if more information is required to verify the issue
We have sent a follow up to the ptrofimov/beanstalk_console team. We will try again in 7 days.
a year ago
Naveen Prakaasham has been awarded the fix bounty
This vulnerability will not receive a CVE
include.php#L22 has been validated