winery icon indicating copy to clipboard operation
winery copied to clipboard
verified publisher icon eclipse

Fix XSS

Open koppor opened this issue 1 year ago • 0 comments

(Reported privatly)

XSS in Namespase:

  1. Go to Administration -> Namespase -> Add.
  2. Start local server that get handle GET request with headers.
  3. Add payload <img/src=[http://localhost:8082/field_name> in each field name and save.
  4. On local server we can see request from XSS payload with cookies.

XSS in Repositories:

  1. Go to Administration -> Repositories -> Add.
  2. Start local server that get handle GET request with headers.
  3. Add payload <img/src=[http://localhost:8082/field_name> in each field name and save.
  4. On local server we can see request from XSS payload with cookies.

Proposed fix: Apply https://github.com/owasp/java-html-sanitizer

koppor avatar Oct 29 '24 14:10 koppor