
#547 Cross-Site-Scripting (XSS)

Future_Requests
closed
nobody
None
1
2023-07-12
2023-07-11
No

Hello there,

While doing a security check, I found a Stored Cross-Site-Scripting vulnerability in MRBS v1.11.1. The room name is printed without being wrapped with the htmlspecialchars function. This results in execution of a script placed in the room name.

Thanks,
Cuong

1 Attachments
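The pattern the report describes (a stored room name written into a page without `htmlspecialchars`), shown beside its encoded form. This is an added example, not MRBS code and not the content of the fix commit mentioned in this ticket; the function names, the `$room` array shape and the sample room name are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example, not MRBS code. All function names and the $room array
// shape are hypothetical.

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// "Before": the stored value is concatenated into markup as-is, so any
// markup saved in the room name becomes part of the page.
function render_room_cell_unescaped(array $room): string
{
    return '<td title="' . $room['room_name'] . '">' . $room['room_name'] . '</td>';
}

// "After": every use of the stored value is encoded at output time,
// in both the attribute and the element body.
function render_room_cell_escaped(array $room): string
{
    $name = h($room['room_name']);
    return '<td title="' . $name . '">' . $name . '</td>';
}

// Regression check helper: count element start tags in rendered output.
// A correctly encoded cell contains only the <td> the template emits.
function count_start_tags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

// Constructed sample row, standing in for a value read back from the database.
$room = ['room_name' => 'Lab 2 <script>/* constructed marker */</script> "east"'];

$before = render_room_cell_unescaped($room);
$after  = render_room_cell_escaped($room);

echo "unescaped: $before\n";
echo "escaped:   $after\n";
echo 'start tags in unescaped output: ' . count_start_tags($before) . "\n";
echo 'start tags in escaped output:   ' . count_start_tags($after) . "\n";
```

Encoding belongs at the point of output rather than at save time, so that names already stored in the database are covered as well.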

Discussion

  • Campbell Morrison

    Could you post the relevant extract from the document here please, so I don't have to open an unknown docx file?

     
    • Nguyễn Hữu Cường

      OK.

       

      Last edit: Nguyễn Hữu Cường 2023-07-11
  • Campbell Morrison

    Thanks. I can reproduce the problem and am working on a fix.

     
    • Nguyễn Hữu Cường

      With the bug I found, can you give me the CVE or the bounty?

       
  • Campbell Morrison

    Now fixed (temporarily - there may be a better fix) in bc1f24f.

     
    • Nguyễn Hữu Cường

      With the bug I found, can you give me the CVE or the bounty?

       
  • John Beranek

    John Beranek - 2023-07-12
    • status: open --> closed