Open Closed

Reflected Cross Site-Scripting (XSS) #4697


User avatar
0
zulfazlibakri created
  • ABP Framework version: v5.3.1
  • UI type: Angular
  • DB provider: EF Core
  • Exception message and stack trace: Cross-site scripting works by manipulating a vulnerable web site so that it returns malicious JavaScript to users. When the malicious code executes inside a victim's browser, the attacker can fully compromise their interaction with the application.
  • Steps to reproduce the issue:" We identify that a cookie name “_tenant” was infected with XSS attack. Please sanitize this to block all executable payload in the cookie. It affected on HttpApi.Host and IdentityServer

Preventing cross-site scripting is trivial in some cases but can be much harder depending on the complexity of the application and the ways it handles user-controllable data.


3 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    did you set this cookie value manually?

  • User Avatar
    0
    zulfazlibakri created

    Yes, I set manually. But this issue still harmful is if attackers attack local machine and change this cookies manually to put some script. I hope ABP can take this issue seriously because it will effect our current development in term of security if this issue not solve. Tq

  • User Avatar
    0
    alper created
    Support Team Director

    This is not a security issue because only the website can modify the cookies. 3rd Parties cannot alter the cookie value as the browser is responsible to secure the cookies. The scenario of attacking the local machine and getting the cookie is another issue that the victim should care about because even if the attacker retrieves the cookie, there's no need to evaluate a script on it. They can log in to your account with the cookie without any password and do whatever they want.
    As summary, this is not a real-world attack vector.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19