High

lunary

Cross-Site Scripting Vulnerability in SAML Metadata Endpoint

A Cross-Site Scripting (XSS) vulnerability was identified in the SAML metadata endpoint of lunary-ai/lunary version 1.2.7. The vulnerability arises from improper validation and escaping of the 'orgId' parameter, allowing attackers to inject malicious scripts. This issue was not explicitly mentioned as patched in the provided data, suggesting the need for immediate attention.

Available publicly on May 31 2024

Threat Overview

The vulnerability exists in the SAML metadata endpoint where the 'orgId' parameter is not properly validated or escaped. This flaw allows an attacker to inject arbitrary JavaScript code into the generated XML metadata response. When this malicious metadata is processed by a browser, the injected script executes within the context of the application, potentially leading to unauthorized actions such as cookie theft or session hijacking.

Attack Scenario

An attacker crafts a malicious URL by appending a specially crafted 'orgId' parameter that includes a script payload. When a user accesses this URL, the application dynamically generates an XML response incorporating the unescaped 'orgId', leading to the execution of the malicious script in the user's browser context. This could result in the compromise of sensitive information or unauthorized actions on behalf of the user.

Who is affected

Users who access the vulnerable SAML metadata endpoint with a maliciously crafted 'orgId' parameter are at risk. This includes both authenticated and unauthenticated users, as the endpoint may not require authentication to access, broadening the potential impact.

Technical Report
Want more out of Sightline?

Sightline offers even more for premium customers

Go Premium

We have - related security advisories that are available with Sightline Premium.