Headline
CVE-2022-23458: GHSL-2022-029: XSS in Toast UI Grid - CVE-2022-23458
Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds.
Coordinated Disclosure Timeline
- 2022/05/12: Opened an issue asking for a security contact
- 2022/05/16: Asked for a security contact [email protected] (Undelivered)
- 2022/06/12: Asked for a security contact [email protected]
- 2022/06/21: [email protected] contacts the Security Lab regarding the opened issue
- 2022/06/21: Report sent to [email protected]
- 2022/07/14: The vulnerability is fixed.
- 2022/08/12: CVE-2022-23458 assigned.
Summary
The nhn/tui.grid component is vulnerable to XSS attacks when pasting specially crafted content into editable cells.
Product
Toast UI Grid
Tested Version
4.21.1
Details****Issue: XSS pasting HTML in editable cell (GHSL-2022-029)
There is a vulnerability when specially crafted html content is pasted in an editable cell.
PoC:
- Open https://cdn.sekurak.pl/copy-paste/playground.html
- Paste <img src="" onerror="alert(123)" /> into the HTML Input box and click Copy as HTML
- Go to https://ui.toast.com/tui-grid
- Double click an input cell (eg. one in the “Artist” column), and paste the HTML you copied in [2].
- Exit the cell by clicking any other cell.
- JavaScript: alert(123) is executed.
Impact
This issue may lead to XSS.
Resources
Fix commit.
CVE-2022-23458
Credit
This issue was discovered by CodeQL team members @kaeluka (Stephan Brandauer) and @erik-krogh (Erik Krogh Kristensen), using a CodeQL query originally contributed by community member @bananabr (Daniel Santos).
You can contact the GHSL team at [email protected], please include a reference to GHSL-2022-029 in any communication regarding this issue.