Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

Valid

Reported on

Aug 27th 2021


✍️ Description

When an XSS payload is used as the name of a gf pattern, it executes.

🕵️‍♂️ Proof of Concept

  1. Name a file <img src=x onerror=alert(document.domain)>.json
  2. Import the file as a gf pattern at https://127.0.0.1/scanEngine/tool_settings
  3. Click on the uploaded gf pattern.

💥 Impact

The impact is the same as for any other Stored XSS vulnerability, but exploitation is less likely.
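As an added defensive illustration (not part of the original report or of reNgine's own code), the snippet below shows the root cause and the two mitigations a maintainer would apply: allow-list the uploaded gf pattern file name before it is stored, and encode it per output context when it is rendered. It assumes patterns are uploaded as `<name>.json` and later shown as a link in the tool settings page; the proof-of-concept name from above is used as constructed test input.

```python
import html
import re
from pathlib import PurePosixPath
from urllib.parse import quote

# Constructed: the file name from the proof of concept above, used as test input.
POC_FILENAME = "<img src=x onerror=alert(document.domain)>.json"

# Allow-list: a short name of letters, digits, "_", "-" and "." ending in ".json".
SAFE_PATTERN_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}\.json$")


def validate_pattern_filename(filename: str) -> str:
    """Return the name if it is a safe gf pattern file name, else raise ValueError.

    Assumption: uploads arrive as "<name>.json" and the name is later shown in
    the tool settings page and written to disk, so it is checked before storage.
    """
    # Reject anything carrying a directory component ("../x.json", "a/b.json").
    if PurePosixPath(filename).name != filename or "\\" in filename:
        raise ValueError(f"rejected gf pattern file name: {filename!r}")
    if not SAFE_PATTERN_NAME.fullmatch(filename):
        raise ValueError(f"rejected gf pattern file name: {filename!r}")
    return filename


def render_pattern_item_unsafe(filename: str) -> str:
    """How the bug arises: the raw name is concatenated straight into HTML."""
    return f'<li><a href="?pattern={filename}">{filename}</a></li>'


def render_pattern_item(filename: str) -> str:
    """Encode per context: URL-encode inside href, HTML-escape in text content."""
    return (
        f'<li><a href="?pattern={quote(filename, safe="")}">'
        f"{html.escape(filename, quote=True)}</a></li>"
    )
```

Validation keeps hostile names out of storage entirely; output encoding is the second layer, so that a name which slips past validation is still shown as text rather than parsed as markup.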

Occurrences

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 3 months ago
Yogesh Ojha validated this vulnerability 3 months ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
Yogesh Ojha
3 months ago

Maintainer


This has been fixed; additionally, this is also fixed in the Nuclei section.

PR: https://github.com/yogeshojha/rengine/pull/478

Yogesh Ojha confirmed that a fix has been merged on d7e0a4 3 months ago
Yogesh Ojha has been awarded the fix bounty
Yogesh Ojha
3 months ago

Maintainer


@nerrorsec, Thank you for reporting this. Very much appreciated.

nerrorsec
3 months ago

Researcher


Happy to help :-)

Yogesh Ojha
3 months ago

Maintainer


Congratulations on your bounty! Thank you for making open-source secure!

Jamie Slome
3 months ago

Admin


Nice work all!