
Test Cross-site Scripting Vulnerability

Open ehrishirajsharma opened this issue 6 years ago • 0 comments

Recently, Gaurav reported a Self-XSS vulnerability in the video-link feature, and you can find the fix in @TomasBaskys's recent commit: https://github.com/ehrishirajsharma/SwiftnessX/commit/5d0e9298f709e6ccfc2fdea24c7f9e8d5e43420b

However, it was later identified that this self-XSS could be escalated using the import feature; therefore, we're opening this issue to re-test this fix and find any potential way to bypass it.


Areas to Focus

The only possible way to leverage an XSS attack is via the import feature (when you try to import another user's library/project), so focus on:

  • Import Feature
  • Bypass Rules for restricted/specified video host providers

Besides that, you can also look into other areas where your JS payloads get stored and run every time you open them (Templates, Payloads, etc.).

Please focus only on Stored-XSS; any Self-XSS related issue wouldn't be taken at priority, as the sanitization takes place at the time of storage, so there's no real way to escalate the Self-XSS.

Please use the latest version for testing this.

For suggestions / questions / fixes, you can comment here. To report any possible way to bypass, please send an email to [email protected]

ehrishirajsharma, May 24 '19 16:05