This article is a part of our Vulnerability Database.

Cross-site Scripting occurrences in Automad

A vulnerability has been found in Automad up to 1.10.9 and classified as problematic. This vulnerability affects the Dashboard. Manipulating the argument title with the input Home leads to cross-site scripting. The attack can be initiated remotely but requires authentication. The exploit details have been disclosed to the public and may be used. (2022-04-29, <a class="link" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1536">CVE-2022-1536</a>)</p></p> </div>
<h2 class="typo-h4 m-40"> <p>Why Cross-site Scripting can be dangerous</p> </h2>
<div style="margin: 2em;">
<p>Cross-site scripting is an attack in which a web page executes code injected by an adversary. It usually appears where user input is echoed back into the page without proper output encoding. The attack can be used to impersonate a user, take over the session, or even steal API keys.</p>
<p>The attack can be executed, for example, when your application injects a request parameter directly into the HTML of the page returned to the user:</p>
<p class="feature-text">https://server.com/confirmation?message=Transaction+Complete</p>
<p>which results in:</p>
<p class="feature-text"><span>Confirmation: Transaction Complete</span></p>
<p>In that case the message can be modified to become valid JavaScript code, e.g.:</p>
<p class="feature-text">https://server.com/confirmation?message=&lt;script&gt;dangerous javascript code here&lt;/script&gt;</p>
<p>and it will be executed locally by the user's browser with full access to the user's application and browser data:</p>
<p class="feature-text"><span>Confirmation: &lt;script&gt;dangerous javascript code here&lt;/script&gt;</span></p>
</div>
</div> </div> </section> </div>
<footer class="footer"> <div class="wrap wrap--inner"> <div class="footer__copy"> <p>© ScanRepeat 2020</p> </div> </div> </footer>
</main> </body> </html>
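As an added example (not code from this page, from ScanRepeat, or from the Automad project), the confirmation page described above rendered in JavaScript in both its vulnerable and its hardened form. The URLs, the function names and the escapeHtml helper are constructed for illustration. The same output encoding applies when the untrusted value comes from stored data rather than the query string, as with the dashboard title in the Automad case.

```javascript
// Added example (not ScanRepeat's or Automad's code): a reflected XSS sink and
// its hardened form. URLs, function names and the helper are constructed for
// illustration; a templating engine with auto-escaping does the same job.

// Vulnerable: the query parameter is concatenated straight into the HTML.
function renderConfirmationUnsafe(url) {
  const message = new URL(url).searchParams.get("message") ?? "";
  return `<span>Confirmation: ${message}</span>`;
}

// Minimal entity encoder for the HTML *text* context (between tags).
// Attribute values, JavaScript strings and URLs need context-specific encoders.
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened: same template, but the untrusted value is encoded before it is
// placed into the markup, so a "<" in the input can never start a tag.
function renderConfirmationSafe(url) {
  const message = new URL(url).searchParams.get("message") ?? "";
  return `<span>Confirmation: ${escapeHtml(message)}</span>`;
}

// Test oracle: does the rendered fragment contain a tag that is not part of
// the template? Useful as a regression check in a unit test suite.
function containsInjectedTag(html) {
  const body = html.replace(/^<span>Confirmation: /, "").replace(/<\/span>$/, "");
  return /<[a-zA-Z!\/]/.test(body);
}

// Constructed inputs: the benign URL from the article and the same URL with the
// article's script placeholder in the message parameter.
const BENIGN_URL = "https://server.com/confirmation?message=Transaction+Complete";
const HOSTILE_URL =
  "https://server.com/confirmation?message=" +
  encodeURIComponent("<script>dangerous javascript code here</script>");

console.log("unsafe, benign :", renderConfirmationUnsafe(BENIGN_URL));
console.log("unsafe, hostile:", renderConfirmationUnsafe(HOSTILE_URL));
console.log("safe,   hostile:", renderConfirmationSafe(HOSTILE_URL));
```

The encoder here only covers text placed between tags; a value written into an attribute, a script block or a URL needs the encoder for that context, which is why framework templates with context-aware auto-escaping are the preferable fix. The containsInjectedTag check is a cheap way to turn the article's scenario into a regression test for the rendering code.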