Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

Valid

Reported on

Aug 27th 2021


✍️ Description

When an XSS payload is used as the name of a gf pattern, it executes.

🕵️‍♂️ Proof of Concept

  1. Name a file <img src=x onerror=alert(document.domain)>.json
  2. Import the file as a gf pattern at https://127.0.0.1/scanEngine/tool_settings
  3. Click on the uploaded gf pattern.

💥 Impact

The impact is the same as for any other stored XSS vulnerability, but exploitation is less likely.
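The pattern behind this report is a user-controlled filename that is stored and later rendered into HTML as markup. As an added illustration (not reNgine's code and not the change made in PR 478), a hypothetical Python upload handler that rejects pattern names outside an allowlist at upload time and HTML-escapes the stored name at render time, shown beside the vulnerable concatenation:

```python
import html
import re
from pathlib import PurePosixPath

# Constructed example. The allowlist below is an assumption about what a
# gf pattern name needs (letters, digits, dash, underscore, ".json" suffix);
# it is not reNgine's rule.
PATTERN_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}\.json$")

# Constructed payload matching the shape of the report's proof of concept.
POC_NAME = "<img src=x onerror=alert(document.domain)>.json"


def validate_pattern_filename(filename: str) -> str:
    """Return the bare filename if it matches the allowlist, else raise ValueError.

    Validation at upload is the first line of defence: a name that cannot
    contain '<', '>', quotes or '/' can neither become markup nor escape the
    upload directory.
    """
    # Discard any directory component the client may have sent.
    name = PurePosixPath(filename).name
    if not PATTERN_NAME_RE.fullmatch(name):
        raise ValueError(f"rejected gf pattern name: {name!r}")
    return name


def render_pattern_row_unsafe(name: str) -> str:
    """The vulnerable shape: the stored name is concatenated straight into HTML,
    so a name containing a tag is parsed as a tag by the browser."""
    return f"<li><a href='#' class='gf-pattern'>{name}</a></li>"


def render_pattern_row(name: str) -> str:
    """Hardened: escape at output so the name is displayed as text.

    Output escaping is the second line of defence and protects names that
    reached storage before validation existed.
    """
    return f"<li><a href='#' class='gf-pattern'>{html.escape(name, quote=True)}</a></li>"


def stored_name_is_rendered_as_text(name: str) -> bool:
    """Check that rendering a stored name never emits an unescaped '<' from it."""
    rendered = render_pattern_row(name)
    return "<img" not in rendered and "&lt;img" in rendered
```

In a Django template this corresponds to keeping autoescape on and never marking the pattern name as safe.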

Occurrences

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 2 years ago
Yogesh Ojha validated this vulnerability 2 years ago
Niraj Khatiwada has been awarded the disclosure bounty
The fix bounty is now up for grabs
Yogesh Ojha
2 years ago

Maintainer


This has been fixed; additionally, this is also fixed in the Nuclei section.

PR: https://github.com/yogeshojha/rengine/pull/478

Yogesh Ojha marked this as fixed with commit d7e0a4 2 years ago
Yogesh Ojha has been awarded the fix bounty
This vulnerability will not receive a CVE
Yogesh Ojha
2 years ago

Maintainer


@nerrorsec, Thank you for reporting this. Very much appreciated.

Niraj Khatiwada
2 years ago

Researcher


Happy to help :-)

Yogesh Ojha
2 years ago

Maintainer


Congratulations on your bounty! Thank you for making open-source secure!

Jamie Slome
2 years ago

Admin


Nice work all!
