skip to content
Back to GitHub.com
Home Bounties Research Advisories Get Involved Events
April 5, 2022

GHSL-2021-1035: Cross-Site Scripting (XXS) in Cockpit Next - CVE-2021-32857

GitHub Security Lab

Coordinated Disclosure Timeline

Summary

Bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues.

Product

Cockpit Next

Tested Version

Latest at time of writing (0c6628c)

Details

Issue: Bad HTML sanitization in htmleditor.js (GHSL-2021-1035)

The HTML sanitizer does not account for closing tags with trailing spaces. e.g: </script >. Therefore any malicious scripts in the form of <script>alert(document.domain)</script > will survive the sanitization and will get executed.

Impact

This issue may lead to cross-site scripting (XSS).

Resources

This issue was found using the following CodeQL Query.

PoC:

CVE

Credit

This issue was discovered and reported by GitHub team member @erik-krogh (Erik Krogh Kristensen).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2021-1035 in any communication regarding this issue.