Headline
CVE-2021-39491: [SECURITY] - Stored Cross-site Scripting while deleting a scan engine in the Scan Engine deletion confirmation modal box! · Issue #460 · yogeshojha/rengine
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .
Issue Summary
In reNgine v1.0, there is Stored Cross-site Scripting while deleting a Scan Engine in the Scan Engine deletion confirmation modal box!
Steps to Reproduce
- Visit your reNgine instance, and login to your account.
- Head over to the
/scanEngine/
endpoint. - Click on “Add New Engine” and write
<img src=binit onerror=alert(document.location)>
in the Engine name field. - Now, click on the “Add Engine” button to save the changes.
- Click on the cross icon under the Action column, which is used for deleting the scan engine.
You will notice that, while displaying "Are you sure you want to delete {Scan_Engine_Name}?", it will render our Scan Engine Name as it is without performing any sort of sanitization, which results in our JavaScript code inside the XSS payload being executed.
This is how this vulnerability can be reproduced.
- I have confirmed that this issue can be reproduced as described on a latest version/pull of reNgine: yes
Technical details
- Debian 4.19.181-1