Medium

zenml

Reflected XSS via Survey Redirect

A reflected Cross-Site Scripting (XSS) vulnerability was identified in version 0.57.1 of a web application due to improper validation of the 'redirect' parameter in the survey feature. This vulnerability allows attackers to execute arbitrary JavaScript code in the context of the user's browser session. The issue was patched in the subsequent release following version 0.57.1.

Available publicly on Jun 30 2024

Threat Overview

The vulnerability arises from the application's handling of the 'redirect' parameter used in the survey feature. Specifically, the application redirects users to a URL specified in the 'redirect' parameter without adequate validation or encoding. This oversight allows attackers to inject malicious JavaScript code as the redirect URL, which is executed in the user's browser upon completing the survey. Such vulnerabilities are particularly dangerous as they can lead to the theft of session cookies, account takeover, and other client-side attacks.

Attack Scenario

An attacker crafts a malicious URL containing a JavaScript payload in the 'redirect' parameter of the survey feature. The attacker then convinces a victim to click on this malicious link and complete the survey. Upon completion, the application redirects the user to the attacker-specified URL, causing the malicious JavaScript to execute in the context of the user's session. This could lead to the theft of session cookies or other sensitive information.

Who is affected

Users of the web application version 0.57.1 who interact with the survey feature and follow links containing a malicious 'redirect' parameter are vulnerable to this attack. This could potentially include a wide range of the application's user base, depending on the distribution and use of the malicious link.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.