Headline
CVE-2021-4020: Cross-site Scripting (XSS) - Stored in janus-gateway
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
Description
A user can join a text room in Janus Gateway with a malicious display name that contains an XSS payload. The name is rendered unescaped into the page of every other participant in the room, so the payload executes in their browsers.
Proof of Concept
Open https://janus.conf.meetecho.com/textroomtest.html, the text room demo page shipped with the GitHub repository.
Join a room using the display name <img src=x onerror=alert(document.domain)> and the alert fires for the other participants when the join is rendered.
PoC video:
https://drive.google.com/file/d/1r8oy-BFGV_Z1WICyQnR_c5Nq4CAfxWuE/view?usp=sharing
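The root cause described above, as an added example that is not the janus-gateway demo's own code: a participant's display name is concatenated into an HTML string that later reaches innerHTML (or jQuery .html()), so the markup in the name becomes live DOM. The constructed join event and the field names in it are assumptions for illustration, not the plugin's exact schema. The hardened variant escapes the HTML-significant characters before interpolation; the same treatment applies to chat message text, not just the name.

```javascript
// Constructed sample: a join event as a textroom client might see it for a
// new participant (field names assumed for illustration).
const joinEvent = {
  textroom: 'join',
  room: 1234,
  username: 'attacker-42',
  display: '<img src=x onerror=alert(document.domain)>',
};

// Vulnerable pattern: the attacker-controlled display name is interpolated
// straight into an HTML string destined for innerHTML / jQuery .html().
function renderJoinUnsafe(ev) {
  return '<p style="color: green;"><i>' + ev.display + ' joined</i></p>';
}

// Hardened pattern: neutralize the five HTML-significant characters so the
// name is shown as text rather than parsed as markup.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

function renderJoinSafe(ev) {
  return '<p style="color: green;"><i>' + escapeHtml(ev.display) + ' joined</i></p>';
}

// Check used to compare both renderings: does the output still contain an
// <img ...> element carrying an event handler attribute?
function containsInjectedTag(html) {
  return /<img\b[^>]*\bon\w+=/i.test(html);
}

console.log('unsafe:', renderJoinUnsafe(joinEvent), containsInjectedTag(renderJoinUnsafe(joinEvent)));
console.log('safe:  ', renderJoinSafe(joinEvent), containsInjectedTag(renderJoinSafe(joinEvent)));
```

In a real client the simplest fix is to avoid building HTML strings from untrusted fields at all: create the element and set its textContent (jQuery .text()) to the display name. Escaping at the point of interpolation, as above, is the fallback when the rendering code is string-based.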
Impact
Because the payload runs in the browser of every participant who sees the name, an attacker can tamper with the whole chat as rendered for other users, steal their credentials or session data, or redirect them to malicious sites.