HackerOne | redyetihacks | H1:2419227
Mar 16, 2024 - 10:27 p.m.

GoCD: XSS in new.loading.page.html


AI Score: 6.2 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 15.6%)

Overview

The vulnerability arises from inadequate handling of query parameters in the new.loading.page.html file: the redirect_to parameter is used as a redirect target without validation, so an attacker can supply a javascript: URI.

var redirectToLanding = function() {
  var locationData = window.location.search.match(/(\?|&)redirect_to=([^&]+)(&|$)/);
  if (locationData === null) {
    window.location.reload(true);
  } else {
    // Sink: the decoded parameter is assigned to window.location with no scheme or origin check.
    window.location = decodeURIComponent(locationData[2]);
  }
}

When the URL’s query is ?redirect_to=javascript:alert("XSS"), locationData[2] equals 'javascript:alert("XSS")'. When redirectToLanding then runs, it assigns that value to window.location, which leads to XSS exploitation.

Impact

Attackers can inject javascript: URIs to execute unauthorized scripts, potentially stealing sensitive information such as session cookies or performing actions on behalf of the user.
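One way to harden the redirect shown above, as an added example that is not GoCD's code or its actual fix: the redirect_to value is resolved with the URL parser and accepted only if it is an http(s) URL on the page's own origin. The helper name safeRedirectTarget, the sample inputs and the host gocd.example.test are assumptions made for illustration.

```javascript
// Added example, not GoCD's code: accept redirect_to only when it resolves
// to an http(s) URL on the page's own origin.
function safeRedirectTarget(search, pageOrigin) {
  // URLSearchParams percent-decodes once, like decodeURIComponent in the original.
  const raw = new URLSearchParams(search).get('redirect_to');
  if (raw === null || raw === '') return null;

  let target;
  try {
    // The WHATWG parser strips tabs/newlines/leading spaces, so obfuscated
    // forms such as "java<TAB>script:" normalise to the javascript: scheme here.
    target = new URL(raw, pageOrigin);
  } catch (e) {
    return null;
  }
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return null;
  // Same-origin check also rejects scheme-relative values such as "//host/path".
  if (target.origin !== new URL(pageOrigin).origin) return null;
  // Return the absolute href: a bare path could itself begin with "//".
  return target.href;
}

// Browser wiring (mirrors the original function's two branches).
function redirectToLanding() {
  const target = safeRedirectTarget(window.location.search, window.location.origin);
  if (target === null) {
    window.location.reload();
  } else {
    window.location.assign(target);
  }
}

// Constructed sample inputs; gocd.example.test is a placeholder host.
const SAMPLE_ORIGIN = 'https://gocd.example.test';
const SAMPLES = [
  '?redirect_to=%2Fgo%2Fpipelines',
  '?redirect_to=javascript:alert("XSS")',
  '?redirect_to=%2F%2Fother.example.test%2Fx',
];
function checkSamples() {
  return SAMPLES.map((s) => safeRedirectTarget(s, SAMPLE_ORIGIN));
}
```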
