Summary
Stored XSS in the jobs list. A malicious YARA rule name is reflected unescaped in the job_first_rule_name attribute of the Delete button.
When another user clicks Delete job!, JavaScript executes. The delete confirmation modal also inserts the rule name via jQuery .html().
Severity
High — authenticated stored XSS; session cookie has HttpOnly disabled by default.
Affected files:
web/application/views/jobs_general.php (~line 132)
web/media/main_script.js (~line 80)
Steps to reproduce
- Log in as a user who can submit jobs.
- Submit a job with this rule:
rule x" onclick="alert('XSS-by-MOSHii')" x=" {
strings:
$s = "test"
condition:
false
}
Summary
Stored XSS in the jobs list. A malicious YARA rule name is reflected unescaped in the job_first_rule_name attribute of the Delete button.
When another user clicks Delete job!, JavaScript executes. The delete confirmation modal also inserts the rule name via jQuery .html().
Severity
High — authenticated stored XSS; session cookie has HttpOnly disabled by default.
Affected files:
web/application/views/jobs_general.php (~line 132)
web/media/main_script.js (~line 80)
Steps to reproduce
rule x" onclick="alert('XSS-by-MOSHii')" x=" {
strings:
$s = "test"
condition:
false
}