bug: XSS test creates links that trigger XSS #1415

Rho-9-Official · 2024-09-04T10:32:59Z

Honestly this one explains it all, but I was scanning a site upon request, and found they're vulnerable to XSS....and so is Rengine

Expected behavior would be to display the URLs, with extra handling to account for the links having XSS payloads

scan an XSS vulnerable site like this one

when you go to view the vulnerabilities....have fun clicking out of several pop up boxes that got injected

- reNgine: 
- OS: 
- Python: 
- Docker Engine: 
- Docker Compose: 
- Browser:

No response

github-actions · 2024-09-04T10:33:13Z

Hey @Rho-9-Official! 👋 Thanks for flagging this bug! 🐛🔍

You're our superhero bug hunter! 🦸‍♂️🦸‍♀️ Before we suit up to squash this bug, could you please:

📚 Double-check our documentation: https://rengine.wiki
🕵️ Make sure it's not a known issue
📝 Provide all the juicy details about this sneaky bug

Once again - thanks for your vigilance! 🛠️🚀

yogeshojha · 2024-09-04T13:59:49Z

Hi @Rho-9-Official do you mind submitting this via https://github.com/yogeshojha/rengine/security
It will be easier for me to manage security reports from there and maybe we could assign you a CVE ID as well.

Thanks

yogeshojha · 2024-09-05T01:47:50Z

Reported as security report

Rho-9-Official added the bug Something isn't working label Sep 4, 2024

yogeshojha closed this as completed Sep 5, 2024

Provide feedback