Research Advisories CodeQL Wall of Fame

Events Get Involved

August 18, 2022

GHSL-2022-029: XSS in Toast UI Grid - CVE-2022-23458

Erik Krogh Kristensen, Stephan Brandauer, Daniel Santos

Coordinated Disclosure Timeline

2022-05-12: Opened an issue asking for a security contact
2022-05-16: Asked for a security contact oss@nhn.com (Undelivered)
2022-06-12: Asked for a security contact dohyung.ahn@nhn.com
2022-06-21: daeyeon.kim@nhn.com contacts the Security Lab regarding the opened issue
2022-06-21: Report sent to daeyeon.kim@nhn.com
2022-07-14: The vulnerability is fixed.
2022-08-12: CVE-2022-23458 assigned.

Summary

The nhn/tui.grid component is vulnerable to XSS attacks when pasting specially crafted content into editable cells.

Product

Toast UI Grid

Tested Version

Details

Issue: XSS pasting HTML in editable cell (`GHSL-2022-029`)

There is a vulnerability when specially crafted html content is pasted in an editable cell.

PoC:

Open https://cdn.sekurak.pl/copy-paste/playground.html
Paste <img src="" onerror="alert(123)" /> into the HTML Input box and click Copy as HTML
Go to https://ui.toast.com/tui-grid
Double click an input cell (eg. one in the “Artist” column), and paste the HTML you copied in [2].
Exit the cell by clicking any other cell.
JavaScript: alert(123) is executed.

Impact

This issue may lead to XSS.

Resources

Fix commit.

CVE

CVE-2022-23458

Credit

This issue was discovered by CodeQL team members @kaeluka (Stephan Brandauer) and @erik-krogh (Erik Krogh Kristensen), using a CodeQL query originally contributed by community member @bananabr (Daniel Santos).

Contact

You can contact the GHSL team at securitylab@github.com, please include a reference to GHSL-2022-029 in any communication regarding this issue.