Category Cross-site Scripting (XSS) - Stored in nuxsmin/syspass

Valid

Reported on

May 21st 2022


Description

The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Proof of Concept

  1. Create new user, add category and add XSS payload (" onClick="alert(1)").
  2. Search user.
  3. Click Client tab.
  4. XSS is executed.

Please check this video. https://drive.google.com/file/d/1PAyU-OunbaP9But9ga60ria-W6G3yfTC/view?usp=sharing

Impact

Every user clicking the menu can be affected by malicious JavaScript code created by the attacker.

Overall, " characters are not escaped. XSS may occur in other areas.
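
The point above about unescaped " characters, shown as an added example that is not part of the original report and is not sysPass code: a value escaped only for text content still ends a quoted attribute early, while quote-aware escaping keeps it inside `value`. The template, the function names and the assumption that only `&`, `<` and `>` were being escaped are illustrative.

```python
"""Added example: attribute-context escaping of a stored value (not sysPass code)."""
from html import escape
from html.parser import HTMLParser

# Payload quoted in the report's proof of concept.
STORED_NAME = '" onClick="alert(1)"'
# Hypothetical template (assumption): a stored name rendered into an attribute.
TEMPLATE = '<input type="text" name="category" value="{value}">'


def render_unsafe(stored: str) -> str:
    """Escapes only &, < and >: enough for text nodes, not for attributes."""
    return TEMPLATE.format(value=escape(stored, quote=False))


def render_safe(stored: str) -> str:
    """Also escapes " and ', so the value cannot close the attribute."""
    return TEMPLATE.format(value=escape(stored, quote=True))


class _AttrCollector(HTMLParser):
    """Records the attributes of the <input> start tag as the parser sees them."""
    def __init__(self):
        super().__init__()
        self.attrs = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            self.attrs = attrs


def parsed_attributes(markup: str) -> dict:
    """Attribute name -> decoded value for the rendered <input>."""
    collector = _AttrCollector()
    collector.feed(markup)
    collector.close()
    return dict(collector.attrs)


def injected_handlers(markup: str) -> list:
    """Event-handler attributes (on*), none of which the template declares."""
    return sorted(n for n in parsed_attributes(markup) if n.startswith("on"))


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        markup = render(STORED_NAME)
        print(render.__name__, markup, injected_handlers(markup), sep="\n  ")
```

In PHP, the language sysPass is written in, `htmlspecialchars()` with the `ENT_QUOTES` flag performs the same quote-aware escaping.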

We are processing your report and will contact the nuxsmin/syspass team within 24 hours. (a month ago)
We created a GitHub Issue asking the maintainers to create a SECURITY.md (a month ago)
We have contacted a member of the nuxsmin/syspass team and are waiting to hear back (a month ago)
nuxsmin gave praise (a month ago)
Hi!, thanks for the notice. It seems that some values aren't being processed for a clean output within HTML tag's attributes. I'm currently working on a fix to be released shortly. Regards
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
We have sent a follow up to the nuxsmin/syspass team. We will try again in 7 days. (a month ago)
nuxsmin validated this vulnerability (a month ago)
Nick has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
nuxsmin confirmed that a fix has been merged on 3c026f (a month ago)
The fix bounty has been dropped