Headline
CVE-2022-1806: Reflected XSS in rtx
Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18.
Valid
Reported on
Apr 29th 2022
Description
Hello team, I found a reflected XSS in /rtxcomplete/nodeslike via the callback parameter.
Proof of Concept
https://arax.rtx.ai/rtxcomplete/nodeslike?_=1651210002052&callback=%3CScRiPt%20%3Ealert(document.domain)%3C/ScRiPt%3E&limit=15&word=1
Impact
Steal user cookies or redirect to malicious sites
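As an added illustration (not part of the original report and not the rtx project's code; the report does not show the fix), this Python example contrasts a JSONP handler that echoes the `callback` parameter verbatim with one that allow-lists it. The function names and the assumption that the vulnerable response was served as HTML are hypothetical; the query string is the one from the proof of concept above.

```python
import json
import re
from urllib.parse import parse_qs

# Query string taken from the proof-of-concept URL in the report.
POC_QUERY = ("_=1651210002052&callback=%3CScRiPt%20%3Ealert(document.domain)"
             "%3C/ScRiPt%3E&limit=15&word=1")

# Allow-list: dotted JavaScript identifiers only, e.g. jQuery111_1651210002052.
CALLBACK_RE = re.compile(r"[A-Za-z_$][\w$]{0,63}(?:\.[A-Za-z_$][\w$]{0,63})*", re.ASCII)


def jsonp_unsafe(callback, payload):
    """Assumed pre-fix pattern: callback echoed verbatim in an HTML response."""
    headers = {"Content-Type": "text/html; charset=utf-8"}
    return 200, headers, f"{callback}({json.dumps(payload)});"


def jsonp_safe(callback, payload):
    """Reject non-identifier callbacks and never serve JSONP as HTML."""
    headers = {"Content-Type": "text/plain; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    if callback is None or not CALLBACK_RE.fullmatch(callback):
        return 400, headers, "invalid callback"
    headers["Content-Type"] = "application/javascript; charset=utf-8"
    # Escape angle brackets so data in the payload cannot open or close a tag.
    body = json.dumps(payload).replace("<", "\\u003c").replace(">", "\\u003e")
    return 200, headers, f"{callback}({body});"


def handle(query, responder, payload=()):
    """Parse the query string and build a (status, headers, body) response."""
    callback = parse_qs(query).get("callback", [None])[0]
    return responder(callback, list(payload))


if __name__ == "__main__":
    for responder in (jsonp_unsafe, jsonp_safe):
        status, headers, body = handle(POC_QUERY, responder)
        print(responder.__name__, status, headers["Content-Type"], body)
    # Constructed benign request, as a JSONP client library would send it.
    print(handle("callback=jQuery111_1651210002052&word=1", jsonp_safe, ["1-phosphatidyl"]))
```

The hardened handler returns 400 for the proof-of-concept callback and still serves an ordinary identifier-style callback with a JavaScript content type and `nosniff`.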
We are processing your report and will contact the rtxteam/rtx team within 24 hours. 20 days ago
We have contacted a member of the rtxteam/rtx team and are waiting to hear back 19 days ago
We have sent a follow up to the rtxteam/rtx team. We will try again in 7 days. 16 days ago
commented 16 days ago
Maintainer
Thank you, I am filing a bug report about this with our team.
0xRaw
commented 15 days ago
Researcher
Thank you for the fast response, highly appreciated.
We have sent a second follow up to the rtxteam/rtx team. We will try again in 10 days. 9 days ago
commented 9 days ago
Maintainer
Hi 0xRaw, my team reports that they have figured out how to fix the issue and they are testing it out. Thank you for your patience. We will advise when the fix is committed to GitHub and deployed into production. We have opted not to track this in our public issue repository (but rather are tracking it in our private Slack workspace) since it is a security vulnerability in a public-facing system. Thanks again for reporting this to us. We will be in touch with an update within the next week.
A rtxteam/rtx maintainer validated this vulnerability 12 hours ago
0xRaw has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher’s credibility has increased: +7
The fix bounty has been dropped
0xRaw
commented 4 hours ago
Researcher
Hello, thanks for the quick fix. Can I have a CVE for this finding?
Kind regards, Rawi.
commented 7 minutes ago
Maintainer
Hi 0xRaw, sure, can you please tell me how I can provide you the CVE? I am not so experienced with using the huntr.dev site. Thanks.