graphite-web icon indicating copy to clipboard operation
graphite-web copied to clipboard
verified publisher icon graphite-project

[BUG] [XSS] Multiple reflected cross-site scripting vulnarabilites in Graphite composer mygraph parameters(action and graphName).

Open 0x566164696D opened this issue 2 years ago • 0 comments

Product Graphite

Product Version Current master branch

Environment docker graphiteapp/graphite-statsd. Builded from the current master branch.

Vulnerability Reflected cross-site scripting (XSS)

Severity Medium

Description Cross-site scripting is a type of attack on web application clients, in which any code prepared by an attacker can be executed in the client’s browser. Vulnerability to this type of attack occurs due to incorrect filtering of user input data.

Impact As a result of the attack, an attacker can steal a user session, make requests on behalf of the user, and get user credentials, etc.

Expected behavior Sanitize all the parameters passed to the server by the user.

Steps to Reproduce

  • Login to the system
  • Go to
http://127.0.0.1/composer/mygraph?action="><script>alert(1)</script>&graphName=test
http://127.0.0.1/composer/mygraph?action=delete&graphName="><script>alert(1)</script>

0x566164696D avatar Jan 20 '23 08:01 0x566164696D