Cross-site Scripting (XSS) - Reflected in ptrofimov/beanstalk_console
Valid
Reported on Jan 31st 2022
Description
Beanstalk Console is vulnerable to reflected Cross-Site Scripting via the server query parameter.
Steps to reproduce
Set up the Beanstalk console locally.
Go to https://localhost/public/? and add a random server.
Visit https://localhost/public/?server=%3Cimg%20src=x%20onerror=alert(document.domain)%3E
You can see that an alert pops up with the domain name, confirming the reflected XSS.
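The following PHP snippet is an added illustration, not code from ptrofimov/beanstalk_console, of the defect class behind this report and its fix. It assumes (as the steps above imply) that the server query parameter is echoed back into an HTML page; the function names and the host:port validation rule are hypothetical.

```php
<?php
// Added example, not code from ptrofimov/beanstalk_console: a minimal page
// fragment that reflects a "server" query parameter, first in the unsafe way
// that produces a reflected XSS, then with contextual output encoding.

declare(strict_types=1);

// Hypothetical helper: the vulnerable pattern. User input is concatenated
// directly into HTML, so a value such as <img src=x onerror=...> becomes live
// markup in the response instead of text.
function render_server_unsafe(string $server): string
{
    return '<p>Current server: ' . $server . '</p>';
}

// Hypothetical helper: the fixed pattern. Encode for an HTML text context.
// ENT_QUOTES also encodes ' and ", which matters if the same value is ever
// placed inside an attribute value.
function render_server_safe(string $server): string
{
    $encoded = htmlspecialchars($server, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Current server: ' . $encoded . '</p>';
}

// Optional additional layer (assumption: a beanstalkd server is addressed as
// host or host:port): reject anything else before it reaches a template.
function is_valid_server(string $server): bool
{
    return (bool) preg_match('/^[A-Za-z0-9.-]+(:\d{1,5})?$/', $server);
}

// Constructed input: the payload from the report, as PHP would see it in
// $_GET['server'] after URL decoding.
$input = '<img src=x onerror=alert(document.domain)>';

echo render_server_unsafe($input), PHP_EOL;
echo render_server_safe($input), PHP_EOL;

var_dump(is_valid_server($input));
var_dump(is_valid_server('127.0.0.1:11300'));
```

In the safe variant the angle brackets of the input arrive in the response as &lt; and &gt;, so the browser renders the payload as visible text and no event handler runs. Output encoding at the point of insertion is the fix; the allow-list check is a second line of defence and should not replace it, since the encoding has to be correct for every context the value is written into.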
Occurrences
We are processing your report and will contact the ptrofimov/beanstalk_console team within 24 hours.
4 months ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md
4 months ago
We have contacted a member of the ptrofimov/beanstalk_console team and are waiting to hear back
4 months ago
I am a collaborator on the repo, and I am checking the details now.
Do let me know if more information is required to verify the issue.
We have sent a follow up to the ptrofimov/beanstalk_console team.
We will try again in 7 days.
4 months ago
include.php#L22 has been validated