Apr 13, 2018 - 10:35 p.m.

Open-Xchange: [XSS] Forgot password link

2018-04-13 22:35:12
b42f97eb69dddcafe5cc278
hackerone.com
$300
22

Hi.

  1. Go to (without autologin): https://sandbox.open-xchange.com/appsuite/#!!&forgot-password=javascript:alert(1)
  2. Click: Forgot your password?

No check on the forgot-password parameter in /apps/io.ox/core/boot/form.js:

function n() {
    $("#io-ox-password-forget-form").remove();
    // Hash value is used as-is: no scheme check, so a javascript: URL passes through
    var a = _.url.hash("forgot-password") || p.forgotPassword;
    if (a) $("#io-ox-forgot-password").find("a").attr("href", a); // becomes the link href
    else {
        $("#io-ox-forgot-password").remove();
        $("#io-ox-login-store").toggleClass("col-sm-6 col-sm-12");
    }
}
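A hardened replacement for the `_.url.hash("forgot-password") || p.forgotPassword` lookup above, added here as an example and not taken from Open-Xchange's code. It accepts only http(s) links on an allow-listed host or same-origin relative paths, so the `javascript:` payload from the report falls back to the default; it also rejects off-host http(s) links, which goes beyond the report's scheme issue. The default link and the host allow-list are assumed values for this example.

```javascript
// Added example (not Open-Xchange code): validate the forgot-password link
// before it is used as an href. Default link and allowed hosts are assumed.
const DEFAULT_FORGOT_PASSWORD = "/appsuite/forgot-password";  // assumed default
const ALLOWED_HOSTS = new Set(["sandbox.open-xchange.com"]);  // assumed allow-list

// Resolve `candidate` against `base` (the page origin) and return the absolute
// URL only if it is a safe navigation target; otherwise return null.
function safeForgotPasswordLink(candidate, base) {
  if (typeof candidate !== "string" || candidate.trim() === "") return null;
  let url;
  try {
    url = new URL(candidate, base);  // relative paths resolve against base
  } catch (e) {
    return null;                     // unparsable input is rejected
  }
  // Scheme allow-list: blocks javascript:, data:, vbscript: and friends.
  // URL lowercases the protocol, so "JavaScript:" is caught as well.
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  // Host allow-list: blocks redirects to third-party sites via "//evil/..."
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Mirrors the selection order in form.js (URL hash first, then the configured
// default), but every value now passes through validation.
function pickForgotPasswordLink(hashValue, base) {
  return safeForgotPasswordLink(hashValue, base)
      || safeForgotPasswordLink(DEFAULT_FORGOT_PASSWORD, base);
}
```

In the login form this would replace the `var a = ...` line, with `base` set to `location.href`.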

Impact

Malicious code injection.