Medium

zenml

Reflected XSS via Survey Redirect

A reflected Cross-Site Scripting (XSS) vulnerability was identified in version 0.57.1 of a web application due to improper validation of the 'redirect' parameter in the survey feature. This vulnerability allows attackers to execute arbitrary JavaScript code in the context of the user's browser session. The issue was patched in the subsequent release following version 0.57.1.

Available publicly on Jun 30 2024

5.3

CVE:

CVE-2024-5062

CWE:

79:Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS:

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Credit:

rook1337
AssessDetect

Premium

Remediate
Remediation Steps
  • Ensure input validation is implemented for all URL parameters, especially those involved in redirection.
  • Utilize a whitelist approach to validate redirect URLs against a list of approved destinations.
  • Implement output encoding to prevent the execution of untrusted input.
  • Update the application to the latest version where the vulnerability has been patched.
  • Educate users on the risks of clicking on unknown links and encourage the use of modern browsers with built-in XSS protection.
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.