The company has discovered a potential Cross-Site Scripting (XSS) vulnerability in YASGUI. The vulnerability is caused by the way YASGUI handles the SPARQL result set JSON returned by a malicious endpoint URL. Specifically, the SPARQL result set JSON can be abused to execute JavaScript code and trigger an XSS attack on the web application.
To reproduce the vulnerability, the following endpoint URL can be used:
This endpoint URL contains a payload that includes an unescaped HTML code that can be used to execute JavaScript code and trigger an XSS attack. The payload is as follows:
Same source as in #220
The company has discovered a potential Cross-Site Scripting (XSS) vulnerability in YASGUI. The vulnerability is caused by the way YASGUI handles the SPARQL result set JSON returned by a malicious endpoint URL. Specifically, the SPARQL result set JSON can be abused to execute JavaScript code and trigger an XSS attack on the web application.
To reproduce the vulnerability, the following endpoint URL can be used:
https://rtp7.ch/sparql_poc.php
This endpoint URL contains a payload that includes an unescaped HTML code that can be used to execute JavaScript code and trigger an XSS attack. The payload is as follows: