Unauthenticated Cross Site Scripting - Reflected in yeswiki/yeswiki

Valid

Reported on

Jul 27th 2022


Description

Please enter a description of the vulnerability.

Proof of Concept

XSS POC:
Local Host : http://192.168.0.109:81/?PagePrincipale/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E

Vendor Domain: 
https://yeswiki.net/?AccueiL/rss&id=1%27%3Cscript%3Ealert(1122)%3C/script%3E

Attached POC Images:

Vendor Domain:

Local Host:

Impact

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

Perform any action within the application that the user can perform. View any information that the user is able to view. Modify any information that the user is able to modify. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Occurrences

Don't Know :)

We are processing your report and will contact the yeswiki team within 24 hours. 2 months ago
We have contacted a member of the yeswiki team and are waiting to hear back 2 months ago
We have sent a follow up to the yeswiki team. We will try again in 7 days. 2 months ago
Jérémy Dufraisse validated this vulnerability 2 months ago
AggressiveUser has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
AggressiveUser
2 months ago

Researcher


Hi @maintainer, Please allow @admin to assign CVE ID on this report after fix.

We have sent a fix follow up to the yeswiki team. We will try again in 7 days. 2 months ago
Jérémy Dufraisse confirmed that a fix has been merged on fd59bc a month ago
Jérémy Dufraisse has been awarded the fix bounty
RssHandler.php#L19 has been validated
AggressiveUser
a month ago

Researcher


Dear @maintainer / @admin , can i have CVE for this report ?

Jamie Slome
a month ago

Admin


Happy to assign a CVE once we get the go-ahead from the maintainer 👍

AggressiveUser
a month ago

Researcher


@maintainer Please help us out with this :)

to join this conversation