Security-Tools-Alliance / rengine-ng

reNgine-ng is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.
GNU General Public License v3.0

bug(scope): XSS with Certain Vulnerability in Nuclei #117

Closed estebanramos closed 1 week ago

estebanramos commented 1 week ago

Current Behavior

The XSS payload attached triggers a Stored XSS with the vulnerability Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting

{\"Test<img src=x onerror=alert(document.domain)>\":1}

Expected Behavior

No XSS payloads inside a Vulnerability Description should trigger the actual vulnerability

Steps To Reproduce

  1. Scan a Keycloak Target with 10.00 - 18.00 Version
  2. Go to Vulnerabilities
  3. The XSS is Triggered if Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting is found within Nuclei

Environment

- reNgine: 2.0.6
- OS: Ubuntu 11,4.0
- Python: 3.11.8
- Docker Engine: 20.10.13
- Docker Compose: 1.29.2
- Browser: Brave 1.64.116

psyray commented 1 week ago

Thanks for your report, we will try to sanitize data before displaying it in the UI

psyray commented 1 week ago

Could you post the location of the payload, i.e. a screen of the developer console showing the payload? Thx

estebanramos commented 1 week ago

Sure, here it is: [screenshot]

psyray commented 1 week ago

Fixed. Could you test this PR to validate the fix, please?
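
The output encoding discussed in this thread, shown as an added example. It is not reNgine-ng's code and not the fix from the PR. The function names and the finding fields (`name`, `description`, `extracted`) are assumptions made for illustration, and the sample finding is constructed around the payload string quoted in the report.

```javascript
// Added example, not reNgine-ng code. Field and function names are assumptions.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode the characters that can open a tag, break out of an attribute or start an entity.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Escape every string in a nested finding, object keys included: the payload
// in this report sits in the key position of a JSON object.
function escapeDeep(node) {
  if (typeof node === 'string') return escapeHtml(node);
  if (Array.isArray(node)) return node.map(escapeDeep);
  if (node && typeof node === 'object') {
    return Object.fromEntries(
      Object.entries(node).map(([key, val]) => [escapeHtml(key), escapeDeep(val)])
    );
  }
  return node; // numbers, booleans and null carry no markup
}

// Build the row only from escaped data, so the template never sees raw scanner output.
function renderVulnRow(finding) {
  const safe = escapeDeep(finding);
  const extracted = Object.entries(safe.extracted || {})
    .map(([key, val]) => `<li>${key}: ${val}</li>`)
    .join('');
  return `<tr><td>${safe.name}</td><td>${safe.description}</td><td><ul>${extracted}</ul></td></tr>`;
}

// Constructed sample finding; the payload string is the one quoted in the report.
const PAYLOAD = 'Test<img src=x onerror=alert(document.domain)>';
const sampleFinding = {
  name: 'Keycloak 10.0.0 - 18.0.0 - Cross-Site Scripting',
  description: String.raw`{\"${PAYLOAD}\":1}`,
  extracted: { [PAYLOAD]: 1 },
};

console.log(renderVulnRow(sampleFinding));
```

Encoding belongs at the point of output and should be applied once, otherwise already-escaped text is encoded a second time. Where the UI has a real DOM node to write into, assigning the value to `textContent` gives the same result without building HTML strings.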