huntr / scottie / F6D688EE-B049-4F85-AC3E-F4D3E29E7B9F
Sep 12, 2023 - 11:22 a.m.

XSS Vulnerabilities in Search Functionality and Course Tags

scottie
www.huntr.dev
Tags: cross-site scripting, data theft, input validation, output encoding, image error, user accounts

EPSS: 0.0005 (Low), Percentile: 17.0%

Description

  1. XSS via Image Error in Search Box:

    • This vulnerability allows an attacker to execute a Cross-Site Scripting (XSS) attack through the search functionality of the web application. When a user performs a search, the application attempts to display an image related to the search query. The search query is not sanitized, so an attacker can craft a query that includes markup carrying JavaScript. When the image fails to load and its error handler fires, the injected JavaScript runs in the user's browser, potentially compromising their session or stealing sensitive data.
  2. XSS in Course Tags:

    • In this vulnerability, the web application is susceptible to Cross-Site Scripting (XSS) attacks within the course tags feature. Attackers can exploit this weakness by injecting malicious scripts into course tags or related fields. When other users view or interact with these tags, the injected scripts are executed in their browsers, posing a significant security risk. This can lead to unauthorized access, data theft, or the compromise of user accounts within the application. Proper input validation and output encoding should be implemented to mitigate this threat.

Proof of Concept

<img src />
<iframe srcdoc="<script>var secret='secret!'; alert(secret)</script>"></iframe

app/exercise-latest-submission
(/lms/www/people/index.js:39)

$(".member-parent").append(data.message.user_details);
This value needs to be sanitized or escaped before it reaches the DOM: use the .text() method, which inserts the string as plain text so any HTML in it is not interpreted, or pass it through DOMPurify.sanitize() first.

/courses/new-course/edit
(/lms/www/courses/create.js:54)

Sanitize user input and escape special characters so that user-provided data is never interpreted as markup or script, e.g.:
    const sanitizedInput = $(e.target).val().replace(/</g, '&lt;').replace(/>/g, '&gt;');
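The two sinks above, modelled as an added example (not code from the LMS project or from this report): the vulnerable string-as-markup pattern beside the escaped form for both the member details and the course tags, with the metacharacter set a practitioner would actually escape. The function and class names are assumptions; the payload is constructed to mirror the proof of concept.

```javascript
// Added example, not code from the LMS project or from the huntr report.
// jQuery's .append() parses its argument as HTML, so whatever arrives in
// data.message.user_details or in a course tag is inserted as markup.
// The hardened variants escape HTML metacharacters first, which is the
// same effect .text() gives for plain-text content.

// '&' must be handled first; otherwise the entities produced for the other
// characters would themselves be re-escaped. Quotes matter as soon as the
// value lands inside an attribute, so escape them as well, not only < and >.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable pattern (people/index.js): the response field becomes markup.
function renderUserDetailsUnsafe(userDetails) {
  return '<div class="member-parent">' + userDetails + '</div>';
}

// Hardened pattern: the same field rendered as text.
function renderUserDetailsSafe(userDetails) {
  return '<div class="member-parent">' + escapeHtml(userDetails) + '</div>';
}

// Course tags (courses/create.js): each tag is escaped before it becomes an <li>.
// The "course-tags" class name is an assumption.
function renderTags(tags) {
  return '<ul class="course-tags">' +
    tags.map(function (tag) { return '<li>' + escapeHtml(tag) + '</li>'; }).join('') +
    '</ul>';
}

// Constructed sample mirroring the report's proof of concept.
const samplePayload = '<iframe srcdoc="<script>alert(1)</script>"></iframe>';

console.log('unsafe:', renderUserDetailsUnsafe(samplePayload));
console.log('safe:  ', renderUserDetailsSafe(samplePayload));
console.log('tags:  ', renderTags(['python', samplePayload]));
```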
