This article is a part of our Vulnerability Database
(back to index)
Cross-site Scripting occurrences in Automad
A vulnerability has been found in automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. The manipulation of the argument title with the input Home
leads to a cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit details have disclosed to the public and may be used. (2022-04-29, <a class="link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1536">CVE-2022-1536</a>)</p></p>
</div>
<h2 class="typo-h4 m-40">
<p>Why Cross-site Scripting can be dangerous</p>
</h2>
<div style="margin: 2em;">
<p>Cross site scripting is an attack where a web page executes code that is injected by an adversary. It usually appears, when users input is presented. This attack can be used to impersonate a user, take over control of the session, or even steal API keys.</p>
<p>The attack can be executed e.g. when you application injects the request parameter directly into the HTML code of the page returned to the user:</p>
<p class="feature-text">https://server.com/confirmation?message=Transaction+Complete</p>
<p>what results in:</p>
<p class="feature-text"><span>Confirmation: Transaction Complete</span></p>
<p>In that case the message can be modified to become a valid Javascript code, e.g.:</p>
<p class="feature-text">https://server.com/confirmation?message=<script>dangerous javascript code here</script></p>
<p>and it will be executed locally by the user's browser with full access to the user's personal application/browser data:</p>
<p class="feature-text"><span>Confirmation: <script>dangerous javascript code here</script></span></p>
</div>
<a href="/scan-now" class="btn btn--fill"><span>Scan Your Web App Now</span></a>
</div>
</div>
</section>
</div>
<section class="get-started">
<div class="wrap wrap--inner animate">
<div class="header header--center">
<div class="typo-h2">
<h5>Scan your application<br> for 14 days for free</h5>
</div>
<p>No credit card is required. No commitment.</p>
</div>
<a href="/register" class="btn btn--fill"><span>Sign Up Free</span></a>
</div>
</section>
<footer class="footer">
<div class="wrap wrap--inner clearfix">
<div class="col">
<h6>Contact</h6>
<p><strong><a href="mailto:team@scanrepeat.com">team@scanrepeat.com</a><br>+1 (415) 340-8020</strong></p>
<p><strong>ScanRepeat</strong><br>a Ventures CDX company</p>
<p><strong>USA</strong><br>117 Park Avenue, San Jose<br>CA 95113</p>
<p><strong>EMEA</strong><br>Laciarska 4, 50-104 Wroclaw<br>Poland</p>
</div>
<div class="col">
<h6>Product</h6>
<ul>
<li class="">
<a href="/features" title="Features">Features</a>
</li>
<li class="">
<a href="/#pricing" title="Pricing">Pricing</a>
</li>
<li class="">
<a href="/#faq" title="FAQ">FAQ</a>
</li>
<li class="">
<a href="/#how-it-works" title="How it works">How it works</a>
</li>
<li class="">
<a href="/web-security-knowledge-base" title="Web Security Knowledge Base">Web Security Knowledge Base</a>
</li>
<li class="">
<a href="/security-tests" title="Security tests">Security tests</a>
</li>
<li class="">
<a href="/top-security-issues" title="Top Security Issues (last 30 days)">Top Security Issues (last 30 days)</a>
</li>
</ul>
</div>
<div class="col">
<h6>Legal</h6>
<ul>
<li class="">
<a href="/terms" title="Terms of use">Terms of use</a>
</li>
<li class="">
<a href="/privacy-policy" title="Privacy policy">Privacy policy</a>
</li>
<li class="">
<a href="/cookies-policy" title="Cookies policy">Cookies policy</a>
</li>
</ul>
</div>
<div class="footer__social social">
<ul>
<li>
<a href="https://www.facebook.com/ScanRepeat/" aria-label="Facebook" target="_blank" rel="nofollow"><i class="icon-facebook"></i></a>
</li>
<li>
<a href="https://twitter.com/ScanRepeat" aria-label="Twitter" target="_blank" rel="nofollow"><i class="icon-twitter"></i></a>
</li>
<li>
<a href="https://www.linkedin.com/showcase/scanrepeat/" aria-label="LinkedIn" target="_blank" rel="nofollow"><i class="icon-linkedin"></i></a>
</li>
<li>
<a href="https://github.com/ScanRepeat" aria-label="GitHub" target="_blank" rel="nofollow"><i class="icon-github"></i></a>
</li>
<!-- <li> <a href="" target="_blank" rel="nofollow"><i class="icon-youtube"></i></a> </li> -->
</ul>
</div>
</div>
<div class="wrap wrap--inner">
<div class="footer__copy">
<p>© ScanRepeat 2020</p>
</div>
</div>
</footer>
</main>
<script src="/vendor/scripts/vendor.js?v=2301101430"></script>
<script src="/vendor/scripts/main.js?v=2301101430"></script>
<script src="/vendor/scripts/public_general.js?v=2301101430"></script>
</body>
</html> 