Cross-site Scripting (XSS) - Stored in yogeshojha/rengine

Valid

Reported on

Aug 27th 2021


✍️ Description

When an XSS payload is used as the name of a gf pattern, it executes.

🕵️‍♂️ Proof of Concept

  1. Name a file <img src=x onerror=alert(document.domain)>.json
  2. Import the file as a gf pattern at https://127.0.0.1/scanEngine/tool_settings
  3. Click on the uploaded gf pattern.
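The root cause of the steps above is a pattern name taken from an uploaded file name and placed into the page markup without validation or output encoding. The following is an added example, not rengine's own code or the PR 478 fix: hypothetical helpers that model the upload and the listing page, showing the verbatim rendering beside an allowlisted name check plus HTML escaping on output.

```python
import html
import re
from pathlib import PurePosixPath

# Hypothetical helpers, not rengine's own code: they model an upload that
# stores a gf pattern under its file name and a page that lists the names.

# Constructed sample upload name, the shape used in the report's PoC.
UPLOADED_NAME = "<img src=x onerror=alert(document.domain)>.json"

# gf pattern names are plain identifiers; reject anything else at upload time.
PATTERN_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def pattern_name_from_upload(filename: str) -> str:
    """Derive the pattern name from an uploaded file name, refusing
    anything that is not a plain identifier ending in .json."""
    base = PurePosixPath(filename).name          # drop any directory part
    if not base.endswith(".json"):
        raise ValueError("gf patterns must be .json files")
    name = base[: -len(".json")]
    if not PATTERN_NAME_RE.fullmatch(name):
        raise ValueError(f"invalid gf pattern name: {name!r}")
    return name


def render_pattern_list_vulnerable(names: list[str]) -> str:
    """Builds the list the way the report describes: the stored name is
    dropped into the markup verbatim, so a name containing HTML runs."""
    return "".join(f"<li>{n}</li>" for n in names)


def render_pattern_list_fixed(names: list[str]) -> str:
    """Output encoding: every name is HTML-escaped, so a stored name can
    only ever be displayed as text, whatever validation let through."""
    return "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in names)


def demo() -> dict:
    """Run the PoC name through both the upload check and both renderers."""
    payload = UPLOADED_NAME[: -len(".json")]
    try:
        pattern_name_from_upload(UPLOADED_NAME)
        accepted = True
    except ValueError:
        accepted = False
    return {
        "upload_accepted": accepted,
        "vulnerable_html": render_pattern_list_vulnerable([payload]),
        "fixed_html": render_pattern_list_fixed([payload]),
    }
```

Both layers matter: the allowlist stops the name from being stored, and the escaping makes the listing safe even for names that reached storage before the check existed.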

💥 Impact

The impact is the same as any other stored XSS vulnerability, but exploitation is less likely.

Occurrences

We have contacted a member of the yogeshojha/rengine team and are waiting to hear back 10 months ago
Yogesh Ojha validated this vulnerability 10 months ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
Yogesh Ojha
10 months ago

Maintainer


This has been fixed; additionally, in the Nuclei section this is also fixed.

PR: https://github.com/yogeshojha/rengine/pull/478

Yogesh Ojha confirmed that a fix has been merged on d7e0a4 10 months ago
Yogesh Ojha has been awarded the fix bounty
Yogesh Ojha
10 months ago

Maintainer


@nerrorsec, Thank you for reporting this. Very much appreciated.

nerrorsec
10 months ago

Researcher


Happy to help :-)

Yogesh Ojha
10 months ago

Maintainer


Congratulations on your bounty! Thank you for making open-source secure!

Jamie Slome
10 months ago

Admin


Nice work all!
