Yasgui icon indicating copy to clipboard operation
Yasgui copied to clipboard
verified publisher icon TriplyDB

Cross-Site Scripting (XSS) vulnerability in "endpoint" input field

Open ktk opened this issue 2 years ago • 2 comments

There was a bug bounty event where a company had a look at YASAGUI, they discovered a potential Cross-Site Scripting (XSS) vulnerability in the "endpoint input field. When one submits the following input string to the "endpoint" field:

https://myendpoint.com/query<img/src='x'/onerror='alert(8)'>

YASGUI does not properly sanitize the input and renders the untrusted data as HTML code, which results in the execution of the JavaScript code contained in the onerror attribute.

Steps to Reproduce:

  • Navigate to the "endpoint" input field of the web application.
  • Enter the following input string:

https://myendpoint.com/query<img/src='x'/onerror='alert(8)'>

Submit the input.

ktk avatar Apr 14 '23 07:04 ktk

opened an issue here https://github.com/TarekRaafat/autoComplete.js/issues/406

BenjaminHofstetter avatar Apr 25 '23 15:04 BenjaminHofstetter

It's mentioned in the autoComplete doc. https://github.com/TarekRaafat/autoComplete.js/issues/406#issuecomment-1523908072

BenjaminHofstetter avatar Apr 26 '23 19:04 BenjaminHofstetter