Open Closed

Login page is vulnerable to Cross-site Scripting (XSS) attacks #3042


User avatar
0
alaam@ecash-pay.com created

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v4.4.4
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Identity Server Separated
  • Exception message and stack trace: No Exception
  • Steps to reproduce the issue:"

Open link :

https://login.example.com/Account/Manage?returnUrl=data:;;;:;base64______%2CPHNDcklwdCA%2BcHJvbXB0KDk1ODYpPCAvU2NSaXBUP g==

After login, return to Application button href will run the injected base64 script instead of going back to application

<div class="mb-2 row"> <div class="col"> <a class="btn btn-primary" id="returnUrlLink" href="data:;;;:;base64______,PHNDcklwdCA&#x2B;cHJvbXB0KDk1ODYpPCAvU2NSaXBUPg=="> <i class="fa fa-chevron-left mr-2"></i>Volver a la aplicación </a> </div> </div>

My Application is currently under Pentration Test by Government and they won't give me a license if I didn't solve this threat.

Regards,


5 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    It is not login page, it is identityserver manage profile page right?

    To be sure, can you share screenshot about the page and the link you are having problem with?

  • User Avatar
    0
    alaam@ecash-pay.com created

    Yes it' identity server.

    Here is the screen shot:

    Thanks.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Thank you for your report.

    I have created an internal issue about this. We will investigate.

  • User Avatar
    0
    alaam@ecash-pay.com created

    Any News?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://github.com/abpframework/abp/pull/12569

Made with ❤️ on ABP v9.1.0-preview. Updated on November 01, 2024, 05:35