CVE-2021-36686: Stored XSS in remarks of the interface · Issue #2190 · YMFE/yapi
Cross Site Scripting (XSS) vulnerability in yapi 1.9.1 allows attackers to execute arbitrary code via the /interface/api edit page.
Version
~ 1.9.1
What is the problem
~Stored XSS in remarks of the interface
How to reproduce this problem
~ Demo: https://yapi.baidu.com
Create a group after login:
Then create a new project:
Enter the project, and add an interface:
After adding successfully, enter the interface edit page:
Scroll down to the remark module. Insert the payload:
<? =><video src=x onerror=alert(document.domain)>
After saving, return to the group. Click on the member list and add the username we want to attack. (There is no need for confirmation from the target user; as long as the user name is correct, the target user can be added to the project. Here we use another account to test.)
After the victim logged into the system, he found that he was added to a group:
He entered the group, viewed the project interface, entered the edit page, and triggered the XSS Payload inserted by the attacker.
Which browser
~ Firefox Chrome
Which operating system (Linux, Windows, macOS)
macOS
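A triage check an operator could run over stored interface remarks to find entries like the one in this report. It is an added example, not part of the original issue or the YApi code base; the record shape (`id`, `title`, `remark`) and the sample data are assumptions constructed for illustration.

```javascript
// Added example: triage scan for stored interface remarks. Heuristic only;
// it finds candidates for review and is not a sanitizer.
const ACTIVE_TAGS = new Set(["script", "iframe", "object", "embed"]);
// An opening tag: name, then attributes where quoted values may contain ">".
const TAG_RE = /<([a-z][a-z0-9]*)((?:"[^"]*"|'[^']*'|[^>"'])*)/gi;
// An inline event-handler attribute such as onerror= or onload=.
const HANDLER_RE = /(?:^|[\s"'\/])(on[a-z]+)\s*=/gi;
// A URL attribute whose value starts with the javascript: scheme.
const JS_URL_RE = /\b(?:href|src|action|formaction)\s*=\s*["']?\s*javascript:/i;

function findActiveContent(html) {
  const findings = [];
  for (const m of String(html).matchAll(TAG_RE)) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    if (ACTIVE_TAGS.has(tag)) findings.push(`tag:${tag}`);
    for (const h of attrs.matchAll(HANDLER_RE)) {
      findings.push(`handler:${tag}.${h[1].toLowerCase()}`);
    }
    if (JS_URL_RE.test(attrs)) findings.push(`js-url:${tag}`);
  }
  return findings;
}

// records: [{ id, title, remark }]; field names are assumptions, not YApi's schema.
function auditRemarks(records) {
  return records
    .map((r) => ({ id: r.id, title: r.title, findings: findActiveContent(r.remark) }))
    .filter((r) => r.findings.length > 0);
}

// Constructed sample records; the second remark is the payload from the report.
const SAMPLE = [
  { id: 1, title: "login", remark: "<p>Returns a <b>token</b> on success.</p>" },
  { id: 2, title: "profile", remark: "<? =><video src=x onerror=alert(document.domain)>" },
  { id: 3, title: "docs", remark: '<a href="javascript:void(0)" title="a > b">more</a>' },
  { id: 4, title: "notes", remark: "Set onerror=retry in the client config." },
];

console.log(JSON.stringify(auditRemarks(SAMPLE), null, 2));
```

Flagged records still need manual review, and the remark field should be sanitized or encoded at render time regardless of what this scan reports.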