Summary
Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.
Details
All dojo users can create pages which allow serving arbitrary files. This can allow html files to be served and thus stored XSS can be created on the dojo's origin.
PoC
- Create a git repository
- Add an html file with any arbitrary JS scripts
- Add a dojo.yml file with an entry in pages pointing to that html file
- Commit and push the repository
- Create or update a dojo with that repository
- Navigate to the new custom page
- XSS occurs
Impact
This is an XSS vulnerability where website users may perform dangerous actions without their knowledge.
cjreed121 Reporter
Summary
Missing access control on rendering custom (unprivileged) dojo pages causes ability for users to create stored XSS.
Details
All dojo users can create pages which allow serving arbitrary files. This can allow html files to be served and thus stored XSS can be created on the dojo's origin.
PoC
Impact
This is an XSS vulnerability where website users may perform dangerous actions without their knowledge.